MediaTek security vulnerability

Jeff_Preske · March 4, 2020, 2:21am

I ordered my Teracube last night, and I’m pretty excited about the device, warranty, and business model.

This morning, I read about a vulnerability with the chip: https://www.androidpolice.com/2020/03/02/mediatek-security-vulnerability-allowed-root-access-on-devices-from-nokia-amazon-blu-sony-zte-and-others/

Was this vulnerability addressed in the first software update? Or is it planned for a future release? I read elsewhere that Android 10 eliminates the vulnerability, and I know that is to be released this month.

Jeff

Sharad · March 3, 2020, 10:29pm

Looking into this Mediatek vulnerability.

XDA reference - https://www.xda-developers.com/mediatek-su-rootkit-exploit/

The other vulnerability mentioned in the article - CVE-2019-2215 is already patched as part of October security patches.

anthony · March 6, 2020, 5:50pm

Looking into this today.

teracute · March 8, 2020, 7:49am

any update regarding the patch to fix this? got the phone a few days ago but waiting for the update just to be safe.

anthony · March 9, 2020, 4:45pm

Sorry for the late response. I spent last Friday and part of the weekend into this matter.

Here is my conclusion - This particular vulnerability has been around for quite some time. MediaTek had actually released patches back in May 2019. The reason why it still affects so many devices today is that many manufacturers have not implemented the fix into their software updates. Fortunately, Teracube is patched up to October 2019 and has included the patches by MediaTek. I have personally tried to run the temporary SU exploit on several units and none of them worked. This validated that Teracube is patched for this particular vulnerability.

You are also correct that Android 10 eliminates this vulnerability. However, we are happy to share that even the current release (Android 9) is safe to use.

Cheers,
Anthony