Looking for vulnerabilities in MediaTek audio DSP

Research By: Slava Makkaveev

Introduction

Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek Systems on a chip (SoCs) are embedded in approximately 37% of all smartphones and IoT devices in the world, including high-end phones from Xiaomi, Oppo, Realme, Vivo and more.

Modern MediaTek SoCs, including the latest Dimensity series, contain a special AI processing unit (APU) and audio digital signal processor (DSP) to improve media performance and reduce CPU usage. Both the APU and the audio DSP have a custom Tensilica Xtensa microprocessor architecture. The Tensilica processor platform allows chip manufacturers to extend the base Xtensa instruction set with custom instructions to optimize particular algorithms and prevent them from being copied. This fact makes MediaTek DSP a unique and challenging target for security research.

In this study, we reverse-engineered the MediaTek audio DSP firmware despite the unique opcodes and processor registers, and discovered several vulnerabilities that are accessible from the Android user space.

By chaining with vulnerabilities in original equipment manufacturer (OEM) partner’s libraries, the MediaTek security issues we found could lead to local privilege escalation from an Android application. A successful exploitation of the DSP vulnerabilities could potentially allow an attacker to listen to user conversations and/or hide malicious code.

The goal of our research is to find a way to attack the audio DSP from Android. First, we need to understand how Android running on the Application processor (AP) communicates with the audio processor. Obviously, there must be a driver that waits for requests from the Android user space, and then, using some kind of inter-processor communication (IPC), forwards these requests to the DSP for processing.

We used a rooted Xiaomi Redmi Note 9 5G smartphone based on MT6853 (Dimensity 800U) chipset as the testing device. The OS is MIUI Global 12.5.2.0 (Android 11 RP1A.200720.011).

As there are only a few media related drivers present on the device, it was not difficult to find the driver that is responsible for communication between the AP and the DSP.