Vulnerability in the firmware of MediaTek DSP chips used in many smartphones

Researchers from Checkpoint have identified three vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) in the firmware of MediaTek DSP chips, as well as a vulnerability in the MediaTek Audio HAL audio processing layer (CVE-2021-0673). If the vulnerabilities are successfully exploited, an attacker can eavesdrop on the user from an unprivileged application for the Android platform.

In 2021, MediaTek accounts for about 37% of shipments of specialized chips for smartphones and SoCs (according to other data, in the second quarter of 2021 MediaTek's share among manufacturers of DSP chips for smartphones was 43%). MediaTek DSP chips are also used in flagship smartphones from Xiaomi, Oppo, Realme and Vivo. MediaTek chips, which are based on a microprocessor with the Tensilica Xtensa architecture, are used in smartphones for operations such as audio, image and video processing, for computation in augmented reality, computer vision and machine learning systems, and for implementing the fast charging mode.

During reverse engineering of the firmware for MediaTek DSP chips, which is based on the FreeRTOS platform, the researchers found several ways to execute code on the firmware side and gain control over operations in the DSP by sending specially crafted requests from unprivileged applications for the Android platform. Practical examples of the attacks were demonstrated on a Xiaomi Redmi Note 9 5G smartphone equipped with a MediaTek MT6853 (Dimensity 800U) SoC. It is noted that OEMs have already received fixes for the vulnerabilities in the October MediaTek firmware update.

Attacks that can be carried out by executing your own code at the firmware level of the DSP chip include:

  • Privilege escalation and security bypass - covertly capturing data such as photos, videos, call recordings, microphone data, GPS data, etc.
  • Denial of service and malicious actions - blocking access to information, disabling overheat protection during fast charging.
  • Hiding malicious activity - creating completely undetectable and unremovable malicious components that run at the firmware level.
  • Attaching tags to track a user, such as adding inconspicuous marks to an image or video in order to later determine whether posted data is linked to the user.

Details of the vulnerability in the MediaTek Audio HAL have not been disclosed, but the other three vulnerabilities in the DSP firmware are caused by improper bounds checking when processing IPI (Inter-Processor Interrupt) messages sent to the DSP by the audio_ipi audio driver. These problems make it possible to cause a controlled buffer overflow in the handlers provided by the firmware, in which the information about the size of the transferred data was taken from a field inside the IPI packet, without checking the actual size placed in shared memory.
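
The bounds-check failure described above, as an added example (not MediaTek firmware code and not the researchers' code): a handler that trusts the length field inside the packet, next to one that validates it against the bytes actually delivered in shared memory and against its own buffer. The header layout, the function names and the 64-byte buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HANDLER_BUF_SIZE 64   /* hypothetical fixed buffer inside a DSP handler */
/* Hypothetical header; the real audio_ipi message format is not given on the page. */
struct ipi_hdr {
    uint16_t msg_id;
    uint16_t payload_len;     /* length claimed by the sender */
};

/* Flawed pattern: the copy length comes only from the field inside the packet. */
int handle_ipi_unchecked(const uint8_t *shm, uint8_t *dst)
{
    struct ipi_hdr h;
    memcpy(&h, shm, sizeof h);
    memcpy(dst, shm + sizeof h, h.payload_len);  /* may exceed dst and shm */
    return h.payload_len;
}

/* Hardened: shm_len is the byte count actually delivered in shared memory. */
int handle_ipi_checked(const uint8_t *shm, size_t shm_len, uint8_t *dst, size_t dst_cap)
{
    struct ipi_hdr h;
    if (shm_len < sizeof h)
        return -1;                               /* truncated header */
    memcpy(&h, shm, sizeof h);
    if (h.payload_len > shm_len - sizeof h)
        return -2;                               /* claims more than was delivered */
    if (h.payload_len > dst_cap)
        return -3;                               /* would overflow the handler buffer */
    memcpy(dst, shm + sizeof h, h.payload_len);
    return h.payload_len;
}

void make_msg(uint8_t *shm, uint16_t claimed)
{
    struct ipi_hdr h = { .msg_id = 1, .payload_len = claimed };
    memcpy(shm, &h, sizeof h);
}

int main(void)
{
    /* Constructed sample: 8 payload bytes delivered, header claims 512. */
    uint8_t shm[sizeof(struct ipi_hdr) + 8] = {0}, buf[HANDLER_BUF_SIZE];
    make_msg(shm, 512);
    printf("oversized claim -> %d\n", handle_ipi_checked(shm, sizeof shm, buf, sizeof buf));
    make_msg(shm, 8);
    printf("honest length   -> %d\n", handle_ipi_checked(shm, sizeof shm, buf, sizeof buf));
}
```

The two length checks are independent: one ties the claimed length to what the transport delivered, the other to the destination capacity, and a handler needs both.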

To access the driver during the experiments, direct ioctl calls or the /vendor/lib/hw/audio.primary.mt6853.so library were used, which are not available to ordinary Android applications. However, the researchers found a workaround for sending commands that relies on debugging options available to third-party applications. These parameters can be changed by calling the Android AudioManager service to attack the MediaTek Aurisys HAL libraries (libfvaudio.so), which provide the calls for interacting with the DSP. To block this workaround, MediaTek removed the ability to use the PARAM_FILE command through AudioManager.

Source: opennet.ru
