MediaTek bug allows hackers to control users’ smartphones

Hackers, these days, are getting notoriously good at exploiting vulnerabilities in smartphones to their advantage. While Google releases security patches for Android smartphones every month, it is upon smartphone makers to roll out these updates to their devices. But what if device makers don't roll out an update to their smartphones?

Folks at XDA Developers recently discovered a vulnerability in MediaTek chipsets that could allow hackers to control users' smartphones. This means that hackers can do anything from accessing users' private data to installing malicious apps using the exploit dubbed as 'MediaTek-Su'.

What's worrying is the fact that this exploit affects almost all of MediaTek's 64-bit chipsets, which is a total of 25 system-on-chips and potentially millions of smartphones across the globe.

The publication discovered the security exploit in early February following which it contacted MediaTek about the same. Turns out, MediaTek knew about this vulnerability since April 2019. It even released an update to patch the bug a month after it discovered the exploit. But, the smartphone makers, the companies that roll out these updates to their respective smartphones, didn't roll out the update to the affected smartphones.

Soon after, the publication contacted Google to force tech companies to roll out the update to the affected smartphones. Instead, Google asked the publication to hold publishing information about this exploit until it released its March security patch assuming that the issue would be mitigated when its releases its latest security updates.

Now, security updates are rolled out by smartphone makers in a phased manner, which means that it could be months before the Marchi security patch arrives on some of the smartphones powered by the affected MediaTek processors. In the meantime, hackers can install adware, ransomware and other malicious softwares on users' smartphones.