|
Northerner
splelling chceker


Registered: 07/29/12
Posts: 14,135
Loc: FNQ
Last seen: 37 minutes, 51 seconds
|
MediaTek leaves debugging code in firmware, all devices can get owned now. 3
#27558186 - 11/26/21 06:50 AM (2 years, 2 months ago) |
|
|
Four CVE's for MediaTek chips have been announced. They left their development code in their firmware, and now that being combined with another attack can gain root level control of devices. These critical vulnerabilities effect %37 of all Android phones and IoT devices globally. They allow attackers to intercept traffic and take control of effected devices. What's worse is many vulnerable devices despite being in use are abandoned by manufacturers and will never see security updates, ever. Literally billions of devices ready for cybercrims to own and do whatever the hell they like with.
It wouldn't be unreasonable to predict botnets like never before, massive unmitigatable DDOS attacks, brute forcing of secure networks... so much computing power just sat there waiting for someone to step up and take it.
It's a great day for the red team.
--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.
|
RedRH
FNG


Registered: 12/20/21
Posts: 222
Loc: ///symphony.strangest.hardware
Last seen: 6 months, 12 hours
|
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: Northerner]
#27646847 - 02/05/22 10:36 AM (1 year, 11 months ago) |
|
|
Quote:
Northerner said: Four CVE's for MediaTek chips have been announced. They left their development code in their firmware, and now that being combined with another attack can gain root level control of devices. These critical vulnerabilities effect %37 of all Android phones and IoT devices globally. They allow attackers to intercept traffic and take control of effected devices. What's worse is many vulnerable devices despite being in use are abandoned by manufacturers and will never see security updates, ever. Literally billions of devices ready for cybercrims to own and do whatever the hell they like with.
It wouldn't be unreasonable to predict botnets like never before, massive unmitigatable DDOS attacks, brute forcing of secure networks... so much computing power just sat there waiting for someone to step up and take it.
It's a great day for the red team.
Is there any info yet regarding the models that are vulnerable?
|
Northerner
splelling chceker


Registered: 07/29/12
Posts: 14,135
Loc: FNQ
Last seen: 37 minutes, 51 seconds
|
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: RedRH]
#27647058 - 02/05/22 02:08 PM (1 year, 11 months ago) |
|
|
Just check your specs and see what chip it has if you're interested if you're device is vulnerable. You'll see that in all likelihood you will either have a Qualcomm or MediaTek chipset.
Making a list would be insane due to the scale, and probably impossible to complete.
--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.
|
BSUUF2
derails threads



Registered: 10/15/20
Posts: 666
Loc: not that important
Last seen: 1 year, 10 months
|
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: Northerner]
#27647269 - 02/05/22 05:12 PM (1 year, 11 months ago) |
|
|
I've got a target laying around: Lenovo IdeaTab A7600-H, Mediatek MT8382
Maybe gonna mess around with it (put Gentoo on ).
-------------------- LAGM2022
|
Northerner
splelling chceker


Registered: 07/29/12
Posts: 14,135
Loc: FNQ
Last seen: 37 minutes, 51 seconds
|
Re: MediaTek leaves debugging code in firmware, all devices can get owned now. [Re: BSUUF2]
#27647405 - 02/05/22 06:44 PM (1 year, 11 months ago) |
|
|
Yeah, unfortunately it doesn't really matter which operating system is on it. :P
--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.
|
|