Vulnerabilities in the firmware of MediaTek DSP chips used in many smartphones

Researchers from Check Point have identified three vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) in the firmware of MediaTek DSP chips, as well as a vulnerability in the MediaTek Audio HAL audio processing layer (CVE-2021-0673). If the vulnerabilities are successfully exploited, an attacker can eavesdrop on the user from an unprivileged application for the Android platform.

In 2021, MediaTek accounted for approximately 37% of shipments of specialized chips for smartphones and SoCs (according to other data, in the second quarter of 2021 MediaTek's share among manufacturers of DSP chips for smartphones was 43%). MediaTek DSP chips are also used in smartphones from Xiaomi, Oppo, Realme and Vivo. MediaTek chips, based on a microprocessor with the Tensilica Xtensa architecture, are used in smartphones to perform operations such as audio, image and video processing, in computations for augmented reality systems, computer vision and machine learning, as well as to implement fast charging mode.

During reverse engineering of the firmware for MediaTek DSP chips, which is based on the FreeRTOS platform, several ways were identified to execute code on the firmware side and gain control over operations in the DSP by sending specially crafted requests from unprivileged applications for the Android platform. Practical examples of the attacks were demonstrated on a Xiaomi Redmi Note 9 5G smartphone equipped with the MediaTek MT6853 (Dimensity 800U) SoC. It is noted that OEMs have already received fixes for the vulnerabilities in the October MediaTek firmware update.

Among the attacks that can be carried out by executing one's own code at the firmware level of the DSP chip:

  • Privilege escalation and security bypass: stealthily capturing data such as photos, videos, call recordings, microphone data, GPS data, and so on.
  • Denial of service and malicious actions: blocking access to information, disabling overheating protection during fast charging.
  • Hiding malicious activity: creating completely invisible and unremovable malicious components that are executed at the firmware level.
  • Attaching tags to track the user, such as adding hidden marks to images or videos in order to determine whether published data is linked to the user.

Details of the vulnerability in the MediaTek Audio HAL have not yet been disclosed, but the other three vulnerabilities in the DSP firmware are caused by incorrect bounds checking when processing IPI (Inter-Processor Interrupt) messages sent by the audio_ipi audio driver to the DSP. These problems make it possible to cause a controlled buffer overflow in the handlers provided by the firmware, in which information about the size of the transferred data was taken from a field inside the IPI packet, without checking the actual size of the data placed in shared memory.
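The flawed pattern described above next to a hardened handler, as an added example that is not code from the original article or from MediaTek's firmware. The header layout, function names and return codes are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical IPI header: the real MediaTek layout is not given in the article. */
struct ipi_hdr {
    uint16_t msg_id;
    uint16_t payload_size;   /* claimed by the sender, untrusted */
};

/* Flawed pattern from the article: copy length taken from the packet field only. */
int handle_ipi_unchecked(const uint8_t *shm, uint8_t *dst)
{
    struct ipi_hdr h;
    memcpy(&h, shm, sizeof h);
    memcpy(dst, shm + sizeof h, h.payload_size);   /* no check against dst or shm */
    return h.payload_size;
}

/* Hardened form: the header is read once into local memory (shared memory can
 * change under the handler), then the claimed size is checked against the
 * bytes actually delivered and against the destination capacity. */
int handle_ipi_checked(const uint8_t *shm, size_t shm_len,
                       uint8_t *dst, size_t dst_cap)
{
    struct ipi_hdr h;
    if (shm == NULL || dst == NULL || shm_len < sizeof h)
        return -1;                                  /* truncated header */
    memcpy(&h, shm, sizeof h);
    if (h.payload_size > shm_len - sizeof h)
        return -2;                                  /* claims more than delivered */
    if (h.payload_size > dst_cap)
        return -3;                                  /* would overflow handler buffer */
    memcpy(dst, shm + sizeof h, h.payload_size);
    return h.payload_size;
}

int main(void)
{
    /* Constructed sample: 4-byte header claiming 4096 bytes, only 8 delivered. */
    uint8_t shm[12] = {0}, dst[16];
    struct ipi_hdr h = { 1, 4096 };
    memcpy(shm, &h, sizeof h);
    printf("oversized claim -> %d\n", handle_ipi_checked(shm, sizeof shm, dst, sizeof dst));
    h.payload_size = 8;
    memcpy(shm, &h, sizeof h);
    printf("valid packet    -> %d\n", handle_ipi_checked(shm, sizeof shm, dst, sizeof dst));
    return 0;
}
```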

To access the driver during the experiments, direct ioctl calls or the /vendor/lib/hw/audio.primary.mt6853.so library, which are not available to regular Android applications, were used. However, the researchers found a workaround for sending commands, based on the use of debugging options available to third-party applications. These parameters can be changed by calling the AudioManager Android service to attack the MediaTek Aurisys HAL libraries (libfvaudio.so), which provide calls for interacting with the DSP. To block this workaround, MediaTek removed the ability to use the PARAM_FILE command through AudioManager.

Source: opennet.ru
