MediaTek has come forth and said that a software bug present in their chipsets is causing certain Android phones running 4.4 Kitkat to crash.
Why the bug is dangerous
Justin Case, a security researcher, reported early this month that the bug has the potential to allow an attacker root access to the phone. He further goes on to elaborate, “Root user could do many things, such as access data normally protected from the user/ other apps, or brick the phone, or spy on the user, monitor communications etc.”
So Mediatek broke basic security features to have this backdoor work. Readonly properties are NOT read only! pic.twitter.com/pEjtMNpo9v
— Jon Sawyer (@jcase) January 13, 2016
Why was the bug there in the first place?
Mediatek says that the ‘bug’ exists because it is a debugging feature, which smartphone manufacturers should have disabled before sending the phones out of their plants.
The official response by a MediaTek spokesperson was, “We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China,”
Along with “After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.”
Perhaps sensing this was one of those situations where it is best not to say too much, the chip manufacturer didn’t say anything more, and rather finished by saying they have informed all smartphone manufacturers of the current situation, and that this was only affecting a small portion of devices, from only a few manufacturers.