Google Publishes Patchwork For Critical MediaTek Vulnerability

CISO Mag | March 06, 2020

  • The issue was first reported on the XDA forum back in April 2019.

  • The exploit was successfully tested on all MediaTek 64-bit chipsets used in several devices including Motorola and OPPO.

  • The vulnerability allowed an attacker to install a malicious application on the device and have unrestricted access to all the files including private data directories.



The MediaTek vulnerability that was reported on Android devices back in April 2019 has finally been addressed by Google. The critical vulnerability, now tracked as CVE-2020-0069, affected millions of users of devices with MediaTek chips. The issue was first reported on the XDA forum, one of the largest forums for Android software modifications. Overall, Google published patches for over 70 software vulnerabilities in its Android Security Bulletin.


MediaTek is a large Taiwanese chip design company that provides chips for wireless communications, high-definition television, and devices like smartphones and tablets. The vulnerability is a rootkit lodged in the CPU's firmware. It allows a simple script to root Android devices that use nearly any of MediaTek's 64-bit chips, so it has compromised hundreds of budget and mid-range smartphone, tablet, and set-top box models, XDA says.


MediaTek Bug


Amazon Fire tablets are heavily guarded, and the manufacturer does not provide an official method to unlock their bootloader. The only way to root a Fire tablet without hardware modifications is to find a loophole in the software itself that bypasses Android’s security model. An active member of the forum did just that and hit the bull’s eye, only to discover that the exploit had a far wider reach and was not limited to the Amazon Fire tablet.


The exploit was successfully tested on all MediaTek 64-bit chipsets used in several devices including Motorola, OPPO, Sony, Alcatel, Amazon, ASUS, Blackview, Realme, Xiaomi, and more. On gaining root shell access and privileges, an attacker can install a malicious application on the device and have unrestricted access to all the files including private data directories.


MediaTek chips power hundreds of budget and mid-range smartphone models, cheap tablets, and off-brand set-top boxes, most of which are sold without the expectation of timely updates from the manufacturer. Many devices still affected by MediaTek-su are thus unlikely to get a fix for weeks or months after today’s disclosure, if they get one at all.

- XDA Developers


This was a grave concern and was thus reported to MediaTek immediately. However, XDA states that although MediaTek released a security patch to fix the issue within a month, it continued to be exploited in the wild by many hacking groups until recently.




In February 2020, after failing to fix the issue and considering its high severity, MediaTek turned to Google for a helping hand. Google’s engineers obliged, as the issue also affected its flagship Android mobile device brand, Pixel. On March 3, 2020, Google released its Android Security Bulletin for March 2020, in which it announced fixes for over 70 issues affecting Android devices, including CVE-2020-0069.


Earlier in 2019, Google’s security researchers discovered that an iPhone could be turned into a surveillance tool, exposing a victim’s sensitive information including contacts, live location, chat history, emails, photos, and passwords. A total of fourteen vulnerabilities spread across five exploit chains (seven for the iPhone’s web browser, five for the kernel, and two separate sandbox escapes) were discovered and later fixed.


Now that Google's March 2020 security patch has been released, most devices should ideally be able to update, provided the manufacturer passes the patch on.


