Escalating root privileges: critical MediaTek vulnerability

Bad news, everyone. Apparently, multiple MediaTek devices running Android versions below 5.1 are vulnerable due to a serious flaw. Any app can get root. http://m.heise.de/security/meldung/Rechte-Luecke-in-Android-Smartphones-mit-Mediatek-Chipsatz-3091984.html
(IN GERMAN)

I haven’t tested it, can anybody confirm? (I’m AFK atm.)

http://m.heise.de/forum/heise-Security/News-Kommentare/Rechte-Luecke-in-Android-Smartphones-mit-Mediatek-Chipsatz/Wer-es-selbst-pruefen-will-ob-das-Flag-gesetzt-ist-oder-nicht/posting-24485402/show/

Summoning @anon90052001. This is serious, I think. Please inform developers.

Hi,

I just read in a German IT online magazine that there are problems with “cheap Chinese Android phones” with a MediaTek chipset: http://www.heise.de/security/meldung/Rechte-Luecke-in-Android-Smartphones-mit-Mediatek-Chipsatz-3091984.html
It would be possible for an app to gain root access.
AFAIK the FP1 uses a MediaTek chipset, so I wanted to ask: does anybody know if the FP1 is vulnerable to this bug?

Greetings,

Jonathan

I cannot get past

[melogyma@HADES ~]$ adb usb
restating in USB mode

It’s stuck there.

I will in turn summon @Douwe. Thanks for bringing it to our attention.

Hello, just from reading the title here this is “just” a local root exploit, e.g. you first need to run a malicious app before this can affect you. If you can find more information on the bug this would be nice.

We had some discussion/links here yesterday.


Just seen this here: twitter.

(German link to heise)

If the screenshot shows the only testcase, FP1 on “my” rom is not affected.


Nice.

MediaTek explained that the vulnerability stems from a debug feature that the chip-maker said smartphone manufacturers should have disabled before shipping the devices, and said that the vulnerability exists on devices running Android 4.4 KitKat.

“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a debug feature created for telecommunication interoperability testing in China.” Source: techlog360.com

Can someone with the old FP-ROM quickly check it? Should be easy.