MediaTek has officially announced that several Android devices, running their chipset, have been put at risk due to a software bug. The chipmaker confirmed that only Android KitKat 4.4 devices will be affected by the chipset vulnerability and added that its security team is currently working on the issue.
Justin Case, a security researcher, reported the vulnerability of the MediaTek chipset earlier this month on Twitter. Justin explained the vulnerability as having a “backdoor” that allows a user or a malicious application to enable what is called “Root Access” resulting in the ability to change restricted and read-only properties as well as spying on users by monitoring their communication.
On the other hand, MediaTek itself explained the issue as the result of not disabling the bug feature before shipping the smartphones. The feature was mainly created for telecommunication inter-operability testing by Chinese manufacturers which MediaTek refused to disclose their names.
“We are aware of this issue and it has been reviewed by Mediatek’s security team.”
A MediaTek spokesperson said. He also added;
“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.”
MediaTek refused to specify the smartphone models and the number of handsets that are impacted. The company insisted that the issue only affects certain manufacturers and it has begun to alert them.
“While this issue affected certain manufacturers, it also only affected a portion of devices for those manufacturers. We have taken steps to alert all manufacturers and remind them of this important feature.”