MediaTek: smartphone vulnerability (LIST)

what could potentially happen to a smartphone, when there is a security hole somewhere in the software, could be very serious. For this reason, the experts are always looking for any vulnerabilities to make the smartphone, now the custodians of our private life, as safe as possible. Recently, it has emerged that some MediaTek processors have unwittingly exposed a long list of smartphone models from different manufacturers to serious risks. Fortunately, the security flaw has been fixed, but the fix will only come with Google’s March patches .

The experts of XDA Developers discovered the problem a year ago . Specifically, a forum user noticed it, while he was intent on looking for a workaround that would allow him to obtain ROOT permissions on an Amazon Fire tablet. During his attempts, the user realized that – thanks to a security hole in the Command Queue driver – it was possible to develop a procedure to temporarily obtain ROOT permissions.

It was soon realized that the discovered vulnerability, called  CVE-2020-0069 , also involved a long series of smartphone models with certain types of MediaTek processors on board.

Of course, the risks arising from the improper use of this type of flaw are quite clear: obtaining ROOT permissions on a smartphone or tablet means, potentially, being able to take absolute control of the devices . For this reason, the experts from Google and MediaTek immediately started working to be able to solve the problem and – as anticipated – the definitive fix should arrive with the March security patches.

XDA Developers has provided a list. It is good to check if your smartphone or tablet is present:

• Acer Iconia One 10 B3-A30
• Acer Iconia One 10 B3-A40
• Alba tablet series
• Alcatel 1 5033 series
• Alcatel 1C
• Alcatel 3L (2018) 5034 series
• Alcatel 3T 8
• Alcatel A5 LED 5085 series
• Alcatel A30 5049 series
• Alcatel Idol 5
• Alcatel / TCL A1 A501DL
• Alcatel / TCL LX A502DL
• Alcatel Tetra 5041C
• Amazon Fire 7 2019 (up to Fire OS 6.3.1.2)
• Amazon Fire HD 8 2016 (up to Fire OS 5.3.6.4)
• Amazon Fire HD 8 2017 (up to Fire OS 5.6.4.0)
• Amazon Fire HD 8 2018 (up to Fire OS 6.3.0.1)
• Amazon Fire HD 10 2017 (up to Fire OS 5.6.4.0)
• Amazon Fire HD 10 2019 (up to Fire OS 7.3.1.0)
• Amazon Fire TV 2 (up to Fire OS 5.2.6.9)
• ASUS ZenFone Max Plus X018D
• ASUS ZenPad 3s 10 Z500M
• ASUS ZenPad Z3xxM (F) MT8163-based series
• Barnes & Noble NOOK Tablet 7 ″ BNTV450 & BNTV460
• Barnes & Noble NOOK Tablet 10.1 ″ BNTV650
• Blackview A8 Max
• Blackview BV9600 Pro (Helio P60)
• BLUE Life Max
• BLUE Life One X
• BLUE R1 series
• BLUE R2 LTE
• BLUE S1
• BLUE Tank Xtreme Pro
• BLU Vivo 8L
• BLUE Vivo XI
• BLUE Vivo XL4
• Bluboo S8
• BQ Aquaris M8
• CAT S41
• Coolpad Cool Play 8 Lite
• Dragon Touch K10
• Echo Feeling
• Gionee M7
• HiSense Infinity H12 Lite
• Huawei GR3 TAG-L21
• Huawei Y5II
• Huawei Y6II MT6735 series
• Lava Iris 88S
• Lenovo C2 series
• Lenovo Tab E8
• Lenovo Tab2 A10-70F
• LG K8 + (2018) X210ULMA (MTK)
• LG K10 (2017)
• LG Tribute Dynasty
• LG X power 2 / M320 series (MTK)
• LG Xpression Plus 2 / K40 LMX420 series
• Lumigon T3
• Meizu M5c
• Meizu M6
• Meizu Pro 7 Plus
• Nokia 1
• Nokia 1 Plus
• Nokia 3
• Nokia 3.1
• Nokia 3.1 Plus
• Nokia 5.1
• Nokia 5.1 Plus / X5
• Onn 7 ″ Android tablet
• Onn 8 ″ & 10 ″ tablet series (MT8163)
• OPPO A5s
• OPPO F5 series / A73 (Android 8 only)
• OPPO F7 series (Android 8 only)
• OPPO F9 series (Android 8 only)
• Oukitel K12
• Protruly D7
• Realme 1
• Sony Xperia C4
• Sony Xperia C5 series
• Sony Xperia L1
• Sony Xperia L3
• Sony Xperia XA series
• Sony Xperia XA1 series
• Southern Telecom Smartab ST1009X (MT8167)
• TECNO Spark 3 series
• Umidigi F1 series
• Umidigi Power
• Wiko Ride
• Wiko Sunny
• Wiko View3
• Xiaomi Redmi 6 / 6A series
• ZTE Blade A530
• ZTE Blade D6 / V6
• ZTE Quest 5 Z3351S