Home | Community | Message Board

World Seed Supply
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post Pages: 1
OfflineNorthernerM
splelling chceker
 User Gallery

Registered: 07/29/12
Posts: 14,135
Loc: FNQ
Last seen: 37 minutes, 51 seconds
MediaTek leaves debugging code in firmware, all devices can get owned now. * 3
    #27558186 - 11/26/21 06:50 AM (2 years, 2 months ago)

Four CVE's for MediaTek chips have been announced. They left their development code in their firmware, and now that being combined with another attack can gain root level control of devices. These critical vulnerabilities effect %37 of all Android phones and IoT devices globally. They allow attackers to intercept traffic and take control of effected devices. What's worse is many vulnerable devices despite being in use are abandoned by manufacturers and will never see security updates, ever. Literally billions of devices ready for cybercrims to own and do whatever the hell they like with.

It wouldn't be unreasonable to predict botnets like never before, massive unmitigatable DDOS attacks, brute forcing of secure networks... so much computing power just sat there waiting for someone to step up and take it.

It's a great day for the red team.


--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.


Extras: Filter Print Post Top
OfflineRedRH
FNG
Male User Gallery

Registered: 12/20/21
Posts: 222
Loc: ///symphony.strangest.hardware
Last seen: 6 months, 12 hours
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: Northerner]
    #27646847 - 02/05/22 10:36 AM (1 year, 11 months ago)

Quote:

Northerner said:
Four CVE's for MediaTek chips have been announced. They left their development code in their firmware, and now that being combined with another attack can gain root level control of devices. These critical vulnerabilities effect %37 of all Android phones and IoT devices globally. They allow attackers to intercept traffic and take control of effected devices. What's worse is many vulnerable devices despite being in use are abandoned by manufacturers and will never see security updates, ever. Literally billions of devices ready for cybercrims to own and do whatever the hell they like with.

It wouldn't be unreasonable to predict botnets like never before, massive unmitigatable DDOS attacks, brute forcing of secure networks... so much computing power just sat there waiting for someone to step up and take it.

It's a great day for the red team.




Is there any info yet regarding the models that are vulnerable?


Extras: Filter Print Post Top
OfflineNorthernerM
splelling chceker
 User Gallery

Registered: 07/29/12
Posts: 14,135
Loc: FNQ
Last seen: 37 minutes, 51 seconds
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: RedRH]
    #27647058 - 02/05/22 02:08 PM (1 year, 11 months ago)

Just check your specs and see what chip it has if you're interested if you're device is vulnerable. You'll see that in all likelihood you will either have a Qualcomm or MediaTek chipset.

Making a list would be insane due to the scale, and probably impossible to complete.


--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.


Extras: Filter Print Post Top
OfflineBSUUF2
derails threads
I'm a teapot User Gallery


Registered: 10/15/20
Posts: 666 666 Posts!
Loc: not that important
Last seen: 1 year, 10 months
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: Northerner]
    #27647269 - 02/05/22 05:12 PM (1 year, 11 months ago)

I've got a target laying around: Lenovo IdeaTab A7600-H, Mediatek MT8382

Maybe gonna mess around with it (put Gentoo on :grin:).


--------------------
LAGM2022


Extras: Filter Print Post Top
OfflineNorthernerM
splelling chceker
 User Gallery

Registered: 07/29/12
Posts: 14,135
Loc: FNQ
Last seen: 37 minutes, 51 seconds
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: BSUUF2]
    #27647405 - 02/05/22 06:44 PM (1 year, 11 months ago)

Yeah, unfortunately it doesn't really matter which operating system is on it.  :P


--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.


Extras: Filter Print Post Top
Jump to top Pages: 1


Similar ThreadsPosterViewsRepliesLast post
* Firmware upgrade---How do I do it?? Se77vN 833 4 10/17/05 01:52 PM
by drtyfrnk
* External Hard Drive Problem (This device cannot start. (Code 10) muse_sick 1,283 6 08/25/05 04:50 PM
by ManicDelirium
* Tomato firmware beatyou 2,315 3 02/07/08 02:33 PM
by beatyou
* C++ Gravity Simulator Program-- need some help debugging cortex 3,275 10 12/14/10 03:28 AM
by Annom
* Designing Codes, Possible to make undecipherable?
( 1 2 all )
HagbardCeline 4,182 20 08/31/03 07:49 PM
by Mal_Fenderson
* iPhone firmware haxjester 412 0 09/04/08 11:12 AM
by haxjester
* Go to the store and name your price! with re-code.com
( 1 2 all )
Lana 4,329 39 06/03/03 10:22 AM
by Raadt
* Crack this code! It should be easy!
( 1 2 all )
gir 2,404 22 06/06/03 03:12 AM
by SHiZNO

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
402 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.025 seconds spending 0.007 seconds on 14 queries.