How many times have you heard that your data is not secure, that today technology is seriously challenging global security? Unfortunately, in part we must give reasons to these rumors, as it is almost on the agenda that system flaws are discovered, especially in the world of Android smartphones, too often diversified by proprietary interfaces, but above all by the choice of processors.
Unfortunately, as we will tell you today, the protagonist in the negative is MediaTek, the well-known Taiwanese manufacturer of processors for mobile devices, often considered badly by mobile users because of the poor performance it offers on devices equipped with such SoCs. But today the story concerns other, that is a vulnerability discovered within some MediaTek chips, potentially dangerous that has involved and still involves many devices.
In fact, it should be specified that MediaTek's liability is limited, since as early as May 2019 it had noticed the flaw and had released a patch to solve it, but not all smartphone manufacturers have implemented and implemented it on their devices. The fact is, that a member of XDA discovered the exploit and used it, fortunately for purposes not related to bad faith, indeed for positive purposes, but this does not detract from the negative potential that the security flaw brings.
In particular, the member of XDA used the exploit to acquire root permissions from Amazon's Tablet Fire, difficult to mood because it basically assumes a non-unlockable bootloader, specially implemented by Amazon to not allow the execution of services outside its ecosystem. By exploiting the vulnerability of the MediaTek chip, the modder managed to obtain root permissions by bypassing the unlocking of the bootloader.
Dangerous discovery of MediaTek SoC vulnerabilities: find out if your OPPO / Realme is at risk
This vulnerability is present on the following MediaTek chipsets:MT6735, MT6737, MT6738, MT6739, MT6750, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6771, MT6779, MT6795, MT6797, MT6799, MT8163, MT8167, MT8173, MT8176, MT8183,. Among the devices involved we find the Realme 1, but also OPPO A5, OPPO F5 / A73 series (android 8.x only), OPPO F7 series (android 8.x only) and OPPO F9 series (android 8.x only), to name a few.
You will wonder why this vulnerability is so dangerous, and the answer is that the bootloader makes it possible to verify the signature in the boot image of the operating system, making it possible to boot only to official software, that is, where a security standard is guaranteed, but if we unlock the bootloader by acquiring root permissions, we certainly get benefits on the modding front but we also expose ourselves to potential risks, such as access to personal information.
But in this case the danger is represented precisely by the fact that we can acquire root permissions without unlocking the bootloader, with the possibility of doing it remotely, through an external app that executes the lines of malicious code without the user's knowledge. . In any case, MediaTek itself has shared the notes on the vulnerability that is present on Linux kernel versions 3.18, 4.4, 4.9 and 4.14 with Android versions Nougat, Oreo and Pie.
But how to check if your device is affected by this vulnerability? You can continue a check via a script released on the XDA forum and reachable , promising: if you get access to shell di root it means that the MediaTek-su vulnerability can be exploited on your device. If so, all you have to do is hope that an update will come from the manufacturer of your device or that it will get the security patches updated in March 2020.
