Google Patches Critical MediaTek Rootkit Affecting Millions of Android Devices
The March 2020 Android Security Update brings a patch that is expected to fix a critical security vulnerability in many MediaTek-powered devices. Called MediaTek-SU (CVE-2020-0069), the vulnerability reportedly affects the Command Queue driver on devices with a large number of MediaTek processors, and was being distributed on XDA as a way for advanced users to gain root access on Fire Tablets to install apps and games from the Google Play Store.
As it turns out, details of the rootkit have been available on XDA since April of last year, although, it is only now that Google has detailed it publicly. Despite MediaTek rolling out a patch within weeks of its discovery, thevulnerability is still being actively exploitedby hackers. Now MediaTek and Google are working together to patch the vulnerability for good and secure millions of devices affected by this critical security exploit.
According to coder and XDA Member,‘diplomatic’, the exploit works on “virtually all of MediaTek’s 64-bit chips”, including MT6735, MT6737, MT6738, MT6739, MT6750, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6763, MT6765, MT6771, MT6779, MT6795, MT6797, MT6799, MT8163, MT8167, MT8173, MT8176, MT8183, MT6580, and MT6595. The exploit has since been confirmed toaffect around 100 different modelsfrom dozens of vendors, including Nokia, Sony, Huawei, Lava, Oppo and more.
If you own a smartphone or tablet powered by any of the aforementioned MediaTek chipsets, you can check whether your device is vulnerable to MediaTek-su by running the script posted by XDA Member diplomaticin this XDA forum thread. If your device enters a root shell (the symbol will change from $ to #), it means the exploit works, so you’ll have to hope that your device manufacturer will roll out the March 2020 Android security patch for your device sooner rather than later.
Kishalaya Kundu
Passionate techie. Professional tech writer. Proud geek.
Add new comment
Name
Email ID
Δ
01
02
03
04
05
