
The Android flaw hiding in 1 in 4 budget phones

(2w ago)
Global
zdnet.com

  • Hardware-level breach in MediaTek chips
  • Budget phones carry most of the risk
  • No patch yet for millions of devices

A security flaw buried in Android’s supply chain just exposed a harsh truth: cheap hardware isn’t just slower, it’s riskier. Researchers at Check Point confirmed the vulnerability resides in MediaTek’s audio DSP chip, used in roughly 25% of Android phones worldwide—mostly sub-$200 models. Unlike software bugs, this can’t be patched with an OS update; it requires a firmware fix from manufacturers, many of whom lack the resources or incentive to act.

The flaw lets attackers escalate privileges to steal data, eavesdrop via mic, or hide malware in the audio processor. Worse, it exploits a feature meant to improve performance: MediaTek’s always-on audio processing for voice assistants and noise cancellation. Ironically, the same cost-cutting optimizations that make these phones affordable now make them targets.

Early signals suggest Xiaomi’s Redmi series and Oppo’s A-line are among the most exposed, though the full list remains unclear. Google’s Pixel and Samsung’s flagship lines avoid this—another reminder that security often scales with price.

The real-world gap between chip specs and user security


For users, the practical impact is brutal: no clear way to check exposure without digging into chipset specs, and no guarantee of a fix. MediaTek told ZDNet it’s working with partners, but history shows budget-phone updates arrive slowly, if ever. The real bottleneck isn’t the tech—it’s the economics of the Android ecosystem, where manufacturers prioritize new sales over old devices.
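The chipset check described above can be scripted for a single handset or a fleet inventory. The following is an added example, not code from the article, Check Point or MediaTek. It assumes the standard Android properties `ro.soc.manufacturer`, `ro.board.platform`, `ro.hardware` and `ro.mediatek.platform`, and the `mt<digits>` naming MediaTek platforms commonly use. It reports only whether the SoC is MediaTek, since the article lists neither the affected models nor a fixed patch level.

```shell
#!/bin/sh
# Classify a device as MediaTek-based from `getprop` output ("[key]: [value]" lines).

# prop_value NAME DUMP -> value of property NAME, or nothing if absent.
prop_value() {
  printf '%s\n' "$2" | tr -d '\r' | awk -v k="[$1]: [" '
    index($0, k) == 1 { v = substr($0, length(k) + 1); sub(/\]$/, "", v); print v; exit }'
}

# soc_vendor DUMP -> "mediatek", "other", or "unknown" (no SoC property present).
soc_vendor() {
  seen=0
  for p in ro.soc.manufacturer ro.board.platform ro.hardware ro.mediatek.platform; do
    v=$(prop_value "$p" "$1" | tr '[:upper:]' '[:lower:]')
    [ -n "$v" ] || continue
    seen=1
    case $v in
      mediatek*|mt[0-9]*) echo mediatek; return 0 ;;
    esac
  done
  if [ "$seen" -eq 1 ]; then echo other; else echo unknown; fi
}

# triage DUMP -> "model|soc_vendor|security_patch_level" for an inventory sheet.
triage() {
  printf '%s|%s|%s\n' \
    "$(prop_value ro.product.model "$1")" \
    "$(soc_vendor "$1")" \
    "$(prop_value ro.build.version.security_patch "$1")"
}

# Constructed sample dumps (not taken from real devices).
SAMPLE_MTK='[ro.product.model]: [ExamplePhone A1]
[ro.board.platform]: [mt6765]
[ro.hardware]: [mt6765]
[ro.build.version.security_patch]: [2020-01-05]'

SAMPLE_OTHER='[ro.product.model]: [ExamplePhone B2]
[ro.soc.manufacturer]: [ExampleVendor]
[ro.board.platform]: [examplesoc]
[ro.build.version.security_patch]: [2020-01-05]'

# With a device attached over USB debugging: triage "$(adb shell getprop)"
triage "$SAMPLE_MTK"
triage "$SAMPLE_OTHER"
```

A `mediatek` result marks a device for follow-up with the vendor's firmware bulletins; it does not by itself confirm that the audio DSP firmware is unpatched.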

The industry fallout could reshape trust in budget Androids. Apple and Google already weaponize security as a premium feature; this hands them more ammunition. Regulators may finally pressure chipmakers to treat security as a baseline, not an upgrade. For now, though, the burden falls on users: disable always-on voice assistants, avoid sideloading apps, and hope your brand cares enough to patch a $150 phone.

Developers face a quieter crisis. Apps relying on MediaTek’s audio APIs—voice chat, transcription tools—may now carry hidden risks. The flaw turns a performance feature into a liability, forcing a recalculation of which hardware shortcuts are worth the tradeoffs.
