MediaTek has officially confirmed the existence of a software bug that has put several Android devices running the company’s chipsets at risk. The chip-maker says the issue in question only affects Android 4.4 KitKat devices.
First reported by security researcher Justin Case earlier this month, the bug could potentially allow an attacker to enable root access on a vulnerable device. “Root user could do many things, such as access data normally protected from the user/other apps, or brick the phone, or spy on the user, monitor communications etc,” Case said.
For its part, MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices.
“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China,” a MediaTek spokesperson said.
“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.”
MediaTek, however, didn’t provide any more details, saying only that the issue affects “a portion of devices” from “certain manufacturers,” and adding that it has alerted all manufacturers about the feature.