MediaTek Bug Affecting Millions of Android Devices
By Yash Kudal
Google has patched a critical bug in MediaTek's Command Queue driver that developers say affects millions of devices and for which a working exploit has already been circulating in the wild.
In the same March 2020 Android Security Bulletin, released this week, Google also disclosed and fixed a separate critical vulnerability in the Android media framework that could allow remote code execution.
That vulnerability (CVE-2020-0032) can be triggered by a specially crafted file, according to the advisory. Few other details were given, but of all the vulnerabilities fixed in March, Google said this is the most severe.
The MediaTek bug, by contrast, is a privilege escalation vulnerability (CVE-2020-0069) discovered by members of the XDA-Developers forum (an Android software development community), who note that it grants root access. XDA members said in a post this week that the exploit has been circulating since April of last year and that it is now being actively used by cyber criminals.
“Although MediaTek made a fix available one month after its availability, this vulnerability is still widely used in many device models,” the XDA post warned. “Now MediaTek has turned to Google to patch the gap and protect millions of devices from this threat.”
An XDA community member who goes by “diplomatic” wanted to gain root access to Amazon Fire tablets, which run Amazon's Android-based OS on MediaTek chips, in order to remove what developers called Amazon's bloatware. Amazon locks the environment down to keep users inside its walled garden, according to the developers.
The only way to remove that software from an Amazon Fire tablet (short of hardware modification) is to take advantage of an exploit that lets the user bypass Android's security controls, according to the post. That is exactly what the XDA Senior Member was doing in February 2019 when he published the thread on XDA's Amazon Fire forums. He quickly realized that the vulnerability reached far beyond Amazon's Fire tablets.
In fact, the exploit works on “almost all of MediaTek's 64-bit chips,” the developers said, which translates to millions of devices.
The exploit is a script called “MediaTek-su” that gives the user a root shell. It also sets SELinux (the Linux kernel's mandatory access control security module) to permissive mode, its least secure state, according to the post.
Gaining root access and switching SELinux to permissive with it is trivial: all the user has to do is copy the script to a temporary folder, change directories to where the script is stored, give the script executable permissions, and run it, the XDA members explained.
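Because the patch level and SELinux state are the two facts that matter here, a responder triaging a fleet wants a quick check rather than a description. The following POSIX shell script is an added example written for this article, not code from XDA, MediaTek or the MediaTek-su thread. It assumes the three values are pulled over adb (getprop ro.build.version.security_patch, getprop ro.board.platform, getenforce), that MediaTek boards report a platform string beginning with "mt" (some devices expose the SoC in ro.hardware instead), and it uses the March 2020 bulletin's 2020-03-05 patch level as the cut-off. The sample getprop dump at the bottom is constructed, not captured from a real device.

```sh
#!/bin/sh
# Added triage helper, not code from XDA, MediaTek or the MediaTek-su thread.
# It classifies a device from three values a responder would pull over adb:
#   adb shell getprop ro.build.version.security_patch   (e.g. 2020-03-05)
#   adb shell getprop ro.board.platform                 (assumed: MediaTek SoCs report "mtNNNN")
#   adb shell getenforce                                (Enforcing or Permissive)
# CVE-2020-0069 was fixed in the March 2020 bulletin, so the 2020-03-05
# patch level below is the cut-off for "patched".

FIXED_PATCH_LEVEL="2020-03-05"

# prop_value NAME DUMP: extract one property from "getprop" output of the form
#   [ro.board.platform]: [mt8163]
prop_value() {
    printf '%s\n' "$2" | sed -n "s/^\[$1\]: \[\(.*\)\]$/\1/p"
}

# patch_to_int 2020-03-05 -> 20200305 so patch levels compare with -ge/-lt.
# Anything that is not YYYY-MM-DD becomes 0 (treated as older than any fix).
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
        *) printf '0' ;;
    esac
}

# is_mediatek PLATFORM: assumption, MediaTek board platforms are named mt6xxx / mt8xxx.
is_mediatek() {
    case "$1" in
        mt[0-9]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# assess PATCH_LEVEL PLATFORM SELINUX_MODE prints one verdict:
#   not-mediatek           CVE-2020-0069 does not apply to this SoC
#   patched                patch level at or above the fix
#   vulnerable             unpatched MediaTek device, SELinux still enforcing
#   vulnerable-permissive  unpatched and SELinux permissive: the state MediaTek-su
#                          leaves behind, so treat the device as possibly rooted
assess() {
    patch="$1"; platform="$2"; selinux="$3"
    if ! is_mediatek "$platform"; then
        echo "not-mediatek"
        return 0
    fi
    if [ "$(patch_to_int "$patch")" -ge "$(patch_to_int "$FIXED_PATCH_LEVEL")" ]; then
        echo "patched"
        return 0
    fi
    case "$selinux" in
        Permissive|permissive) echo "vulnerable-permissive" ;;
        *)                     echo "vulnerable" ;;
    esac
}

# assess_from_dump GETPROP_DUMP SELINUX_MODE: wrapper over raw getprop output.
assess_from_dump() {
    assess "$(prop_value ro.build.version.security_patch "$1")" \
           "$(prop_value ro.board.platform "$1")" "$2"
}

# Constructed sample getprop output (not captured from a real device).
SAMPLE_DUMP='[ro.board.platform]: [mt8163]
[ro.build.version.release]: [5.1.1]
[ro.build.version.security_patch]: [2019-09-05]'

echo "sample device: $(assess_from_dump "$SAMPLE_DUMP" Permissive)"
```

Two caveats when using this: a device that reports "patched" but is already permissive has still had its SELinux policy disabled by something, so that state deserves a look on its own, and a patch level is only as trustworthy as the vendor's build; a MediaTek device whose OEM never shipped the March 2020 update stays "vulnerable" regardless of how new its firmware looks.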
After learning of the script and how dangerous it was, the forum notified Google of the bug in February, members said. XDA noted that in January, Trend Micro discovered three malicious spyware apps on the Google Play Store linked to the APT known as SideWinder. Trend Micro's analysis pointed out that the apps used MediaTek-su to gain root access; XDA added that the researchers there may not have been aware that MediaTek-su was unpatched and so did not bother to inform the vendors.
The consequences of a successful attack are serious: with root access, any application can grant itself any permission it wants, and through a root shell every file on the device is accessible, including those stored in other applications' private data directories.