MediaTek has officially confirmed the existence of a software bug that has put several Android devices running the company’s chipsets at risk. The chip-maker says the issue in question only affects Android 4.4 KitKat devices.
Først rapporteret af sikkerhedsforsker Justin Case tidligere i denne måned, kunne fejlen potentielt give en angriber mulighed for at aktivere rodadgang på en sårbar enhed. "Rootbruger kunne gøre mange ting, såsom adgangsdata, der normalt er beskyttet mod brugeren / andre apps, eller muret telefonen eller spionerer efter brugeren, overvåger kommunikation osv." Sagde Case.
MediaTek forklarede på sin side, at sårbarheden stammer fra en fejlfunktion, som chipproducenten sagde, at smartphone-producenterne skulle have deaktiveret, før de sendte enhederne.
“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China,” a MediaTek spokesperson said.
“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.”
MediaTek, however, didn’t provide anymore details, just saying that the issue affects “a portion of devices” from “certain manufacturers,” and adding that it has alerted all manufacturers about the feature.