Checkpoint researchers have published an article detailing a vulnerability that was fixed by MediaTek in October. This vulnerability could lead to unauthorized access by the attacker to the hacking process. This MediaTek processor problem is related to artificial intelligence and sound processing, and well-coded programs could access system-level audio information. Fortunately, this vulnerability has been addressed by MediaTek.
Even more sophisticated and powerful apps could launch an eavesdropping attack. Checkpoint researchers' research shows that the vulnerability was very complex and the research team was forced to reverse engineer the process. In short, an application could only transmit commands to the voice interface and extract user information if attackers were aware of a set of vulnerabilities in the MediaTek firmware.
There is no information about such attacks, and current owners of devices equipped with MediaTek should not worry, as the company has already updated this vulnerability with an October update ( November) has been resolved. No list of devices or chips damaged by the attack has been published by MediaTek or other researchers. Was taken. Interestingly, there are some Huawei HiSilicon Kirin chips that run on one platform, but there is no information on whether or not they are vulnerable to such attacks.
It became difficult to examine the concept of improving access levels in cyber attacks. Access upgrades occur when a malicious user exploits a bug, design flaw, or configuration error in an application or operating system to gain high access to resources that are not normally available to that user. The hacker can then use the newly acquired privileges to steal confidential information, execute system commands, or install malware, potentially causing serious damage to your operating system, server applications, organization, and reputation.
Hackers They start by exploiting an enhancement vulnerability in a target system or application, which allows them to bypass current account limitations. These people can then access other user capabilities and data (increase the level of access horizontally) or usually earn higher scores from the system administrator or users with higher access (increase the vertical score). Such privilege enhancement is generally just one of the steps used to prepare for a major attack. Should not be available for the current account. For example, for web applications, accessing another user's account on a social site or e-commerce platform or their bank account on an e-banking site may be potentially more dangerous. , Where the hacker starts with a lower-scoring account and gains access to a more powerful user, usually the administrator or system user in Microsoft Windows, or root in Unix and Linux systems.
With these higher scores, an attacker could inflict all kinds of damage on your computer systems and applications, such as stealing access information and other information. Sensitive, downloading and executing malware, clearing data or executing arbitrary code. Worse, skilled hackers can use high scores to cover their routes by removing access reports and other evidence of their activity.
This could potentially prevent the victim from being attacked at all. Ignore. This way, cybercriminals will be able to steal information secretly or install malware directly on systems. Upgrading access levels is not usually the ultimate goal of a hacker, but increasing access is often used in preparation for a more specific attack, allowing attackers to install malware or execute malicious code on the system. This means that whenever you find evidence of increased access to your systems, you should look for other signs of malicious activity.
Source: GSMA >