If you own a MediaTek based Android phones – don’t panic –
but a high-severity flaw in MediaTek’s command queue driver is being exploited
The MediaTek bug, discovered in April 2019 but not made public until now, is an elevation-of-privilege flaw (CVE-2020-0069) discovered by members of XDA-Developers (Forum here).
As is customary the bug notices remained silent to allow MediaTek
time to develop a patch – which it has done. The problem is that unlike a
Google Security Patches this has to be issued by the handset manufacturer and –
well we know how bad they can be.
The chip models on which the vulnerability is present, and
then shared the list : MT6735, MT6737, MT6738, MT6739, MT6750, MT6753, MT6755,
MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6771, MT6779, MT6795, MT6797,
MT6799, MT8163, MT8167, MT8173, MT8176, MT8183, MT6580 and MT6595.
This includes smartphones and tablets (some Amazon Fire
tablets) using MediaTek chips. This means thousands of obscure OEM/ODM models and
millions of low-to-mid range handsets using Android 7 or later.
Frankly – if you have not received a very recent firmware update
for your phone (not just a Google security update) you should avoid using it
for any online banking or secure purposes. Google has also addressed it in the March 2020 security
GadgetGuy’s take – don’t panic if you have a MediaTek based Android
We usually refrain from any sensationalism and sky is falling stuff. This verges on serious because Trend Micro has identified Play Store Apps that carry the payload.
As a precaution you should be running a paid Antimalware solution from a reputable company as these can prevent infection.
You can see MediaTek based phones we have reviewed here