This was discovered by a security researcher, Justin Case who has notified MediaTek about the flaw.
The bug is apparently due to a debug tool which was left open by MediaTek in shipped devices.
Most smartphone makers have several debug tools enabled while manufacturing a smartphone for testing and quality control purpose.
Case reported the vulnerability on Twitter earlier this month.
MediaTek is a Taiwan based company and its chips are used in most budget range smartphones.
MediaTek confirmed the vulnerability and stated that as of now it exists on devices running Android 4.4 KitKat.
MediaTek didnt disclose the names of the manufacturers.
We are aware of this issue and it has been reviewed by MediaTeks security team.
After testing, phone manufacturers should turn off the de-bug feature before shipping smartphones.
The company insists that the issue only affects certain manufacturers and it has begun to alert them.
While this issue affected certain manufacturers, it also only affected a portion of devices for those manufacturers.
We have taken steps to alert all manufacturers and remind them of this important feature.
source: www.techworm.net
