MediaTek may not be on the short list of SoC companies whose chips you seek out when buying a new phone, but the company’s latest components have delivered some solid performance for their price, and it’s felt like the company’s status has been on the rise. Unfortunately, a new discovery casts a shadow over all that, as it’s revealed that a number of MediaTek-based phones shipped to the public with a development debug backdoor still in place, potentially opening users up to malicious attacks.
The problem code was intended to allow Chinese carriers to fully test these handsets prior to the start of sales, but multiple OEMs failed to disable the backdoor before release. As a result, an attacker could potentially take advantage of the leftover code to achieve root-level access.
Maybe the scariest thing about this attack is that we don’t know exactly who’s affected. It sounds like it involves primarily older devices, with Android 4.4 KitKat reportedly the vulnerable build in question, but MediaTek has so far declined to publicly release the names of manufacturers believed to ship phones with this debug backdoor in place.
That said, the company does report that it’s notified its manufacturing partners in the hopes that they might release patches or otherwise let their users know about this problem, but so far we haven’t heard of any phone makers stepping forward with that info.