Android Devices With MediaTek Chips Need Security Update This Month ASAP

Posted on by

While everyone should always get the latest security updates for their Android devices whenever possible, you need to pay special attention to this month’s update and get it right away if your device has any MediaTek chips inside.

To keep things simple, here is a list of affected devices, courtesy of XDA-Developers , where the MediaTek security exploit was originally discovered. (More on this later.) 93 devices in total; If yours is not on this list, or you want to double check that you are affected, you can see if these ADB commands are running successfully on your device. If so, your MediaTek chip could be used to give an attacker root access to your device.

As for this list:

  1. Acer Iconia One 10 B3-A30
  2. Acer Iconia One 10 B3-A40
  3. Alba Tablet Series
  4. Alcatel 1 5033 Series
  5. Alcatel 1C
  6. Alcatel 3L (2018) 5034 series
  7. Alcatel 3T 8
  8. Alcatel A5 LED 5085 series
  9. Alcatel A30 5049 Series
  10. Alcatel Idol 5
  11. Alcatel / TCL A1 A501DL
  12. Alcatel / TCL LX A502DL
  13. Alcatel Tetra 5041C
  14. Amazon Fire 7 2019 – up to Fire OS 6.3.1.2 build 0002517050244 only
  15. Amazon Fire HD 8 2016 – up to Fire OS 5.3.6.4 only, Build 626533320
  16. Amazon Fire HD 8 2017 – Up to Fire OS 5.6.4.0 Only Build 636558520
  17. Amazon Fire HD 8 2018 – up to Fire OS 6.3.0.1 only
  18. Amazon Fire HD 10 2017 – Up to Fire OS 5.6.4.0 Only Build 636558520
  19. Amazon Fire HD 10 2019 – up to Fire OS 7.3.1.0 only
  20. Amazon Fire TV 2 – up to Fire OS 5.2.6.9 only
  21. ASUS ZenFone Max Plus X018D
  22. ASUS ZenPad 3s 10 Z500M
  23. ASUS ZenPad Z3xxM (F) Based on MT8163 Series
  24. Barnes & Noble NOOK 7 ″ BNTV450 and BNTV460 Tablet
  25. Barnes & Noble NOOK 10.1 “BNTV650 Tablet
  26. Blackview a8 max
  27. Blackview BV9600 Pro (Helio P60)
  28. Blue Life Max
  29. BLU Life One X
  30. BLU R1 series
  31. BLU R2 LTE
  32. BLU S1
  33. Xtreme Pro Blue Tank
  34. BLU Vivo 8L
  35. BLU Vivo XI
  36. BLU Vivo XL4
  37. Bluboo S8
  38. BQ Aquaris M8
  39. CAT S41
  40. Coolpad Cool Play 8 Lite
  41. Dragon’s Touch K10
  42. Echo feeling
  43. Gionee m7
  44. HiSense Infinity H12 Lite
  45. Huawei GR3 TAG-L21
  46. Huawei Y5II
  47. Huawei Y6II MT6735 Series
  48. Lava Iris 88S
  49. Lenovo C2 Series
  50. Lenovo Tab E8
  51. Lenovo Tab2 A10-70F
  52. LG K8 + (2018) X210ULMA (MTK)
  53. LG K10 (2017)
  54. LG Tribute Dynasty
  55. LG X power 2 / M320 series (MTK)
  56. LG Xpression Plus 2 / K40 LMX420 Series
  57. Lumigon T3
  58. Meizu M5c
  59. Meizu M6
  60. Meizu Pro 7 Plus
  61. Nokia 1
  62. Nokia 1 Plus
  63. Nokia 3
  64. Nokia 3.1
  65. Nokia 3.1 Plus
  66. Nokia 5.1
  67. Nokia 5.1 Plus / X5
  68. Onn 7 ″ Android Tablet
  69. Onn 8 “& 10” Tablet Series (MT8163)
  70. OPPO A5s
  71. OPPO F5 series / A73 – Android 8.x only
  72. OPPO F7 Series – Android 8.x Only
  73. OPPO F9 Series – Android 8.x Only
  74. Oukitel K12
  75. D7 protrusion
  76. Realme 1
  77. Sony Xperia C4
  78. Sony Xperia C5 Series
  79. Sony Xperia L1
  80. Sony Xperia L3
  81. Sony Xperia XA Series
  82. Sony Xperia XA1 Series
  83. South Telecom Smartab ST1009X (MT8167)
  84. TECNO Spark 3 Series
  85. Umidigi F1 series
  86. Umidigi Power
  87. Wiko ride
  88. Vico Sunny
  89. Wiko View3
  90. Xiaomi Redmi 6 / 6A Series
  91. ZTE Blade A530
  92. ZTE Blade D6 / V6
  93. ZTE Quest 5 Z3351S

Make sure you have the March 2020 Google security update installed on your device as soon as it becomes available for your device, because the MediaTek-su exploit as it is known allows an attacker to root your device simply by running a script. It doesn’t sound so scary on paper, but a post from XDA-Developers explains why this is so important:

… the typical way to get root access on an Android device is to unlock the bootloader first, which disables checking the boot partition. After unlocking the bootloader, the user can enter the superuser binary into the system as well as the superuser management application to control which processes have root access. Unlocking the bootloader intentionally disables one of the key security features on the device, so the user must explicitly allow this, usually by turning on the toggle in the developer options and then sending the unlock command to the bootloader. However, with MediaTek-su, the user does not need to unlock the bootloader to gain root access. Instead, all they have to do is copy the script to their device and execute it in the shell. However, not only the user can do this. Any application on your phone can copy the MediaTek-su script to its personal directory and then execute it to get root access in the shell.

MediaTek-su’s only weakness isn’t that great; the malicious app would have to set up a script that runs every time the device is turned on, since rebooting Android removes temporary root privileges. However, it won’t be difficult for a seasoned attacker to overcome this, and an app that has root access to your device has basically revoked its defenses. Not only can he grant himself all the permissions he needs without your input or confirmation, but he can also install any apps he wants in the background of your device without even knowing about them.

In other words: when an app you don’t need on your device suddenly gets rooted on your device, it can turn your Android life into hell. All the technical details are fascinating if you want to dig into the XDA-Developers article, but the end result is the same: check and install the monthly Android security update as soon as you can . Open Settings, click on System and look for the Android update option, which may be obvious or hidden in the advanced menu (depending on your device).

More…

0
Android

Leave a Reply