Source: Phil Nickinson / Android Central
MediaTek makes chips that power millions of devices. Some you've heard of, like the Amazon Fire HD tablet(s), others, like the Alcatel Tetra, you probably haven't. Almost all of them have something in common though: a bug in the CPU firmware that allows a simple script "root" the device itself.
This was first found by developers at XDA Forums, and almost every single 64-bit MediaTek CPU is vulnerable unless it's been patched. And some devices are patched since a recent update but the list isn't very long:
- Samsung has patched its phones
- Vivo has patched its phones
- Huawei and Honor phones with Android 8 or higher have been patched
- Oppo phones with Android 8 or higher have been patched
- Phones running Android 10 are immune
- Amazon Fire HD tablets may be patched if they have a specific firmware version.
That leaves a whole lot of unpatched devices with a critical exploit in the system that should have been wiped out a long time ago, as MediaTek released a firmware patch in May 2019 to developers who use the affected chipsets.
The dirty details of the whole thing are a really interesting read, even if you're not "into" Android security. This was originally discovered by XDA developer diplomatic as an easy way to root the Amazon Fire HD tablets, and things progressed from there. Eventually, Google was forced to get involved and worked with the XDA team to release the details in conjunction with a complete system-wide fix for any phone maker that's included as part of the March 2020 Android Security Bulletin.
Many of us aren't going to be affected because we don't use any MediaTek-powered devices, but word-wide we're talking about millions and millions of phones, tablets, and Android-powered set-top boxes. It's a pretty big deal. That doesn't mean that it's going to get fixed in any sort of timely or meaningful way, though.
For all the work MediaTek, XDA developers, and Google have done to matter the company which made your device has to send out an update. Let's be frank here: looking at the list of affected devices (which you can find at Mishaal Rahman's excellent write-up) it's obvious that many will never see this patch. That means it's up to the owners of these devices to be proactive.
- Only download applications from official app storefronts like Google Play or Amazon's App Store.
- Read reviews of apps before you install them.
- Pay attention to all the permissions an app requests and if anything seems fishy, just say no.
- Remember that the company who made your device left you high and dry when you make your next purchase.
We want everyone's experience to be awesome when they use their phone or tablet. And even though there's a particularly nasty bug in some of them, and it may never be fixed, you still can. Just take a bit of extra time before you install any applications and you can be safe.
Best Amazon tablet
One of the best media consumption devices you can buy under $200.
If you plan on watching a lot of movies on your tablet, the Fire HD 10 is the clear winner. Its display is larger and higher density than the HD 8, it comes with more onboard storage, and the speakers are louder and clearer.
We may earn a commission for purchases using our links. Learn more.
The OnePlus 8 and 8 Pro will reportedly be announced next month
OnePlus' next flagship phones could be here as soon as next month..
The Google Play Store is getting a dark theme toggle
You may soon be able to switch between dark and light modes on the Play Store app with a dedicated theme toggle.
Are you going to use a screen protector on your Galaxy S20?
The Galaxy S20 has a gorgeous 120Hz AMOLED display, and keeping it safe is a must. If you're getting the phone, do you plan on picking up a screen protector to go along with it?
These are the best smart locks that you can use with Alexa
Looking to make your home smarter? Check out these smart locks!