Security vulnerabilities are unfortunately extremely common in smartphones, given the complexity and varying codebases of most devices. That’s why Google has been releasing monthly security patches for years, and if you needed another reason for why those updates are so important, the March 2020 release fixes a critical flaw on many MediaTek devices.
One of the vulnerabilities fixed in the March security patch is CVE-2020-0069, a security flaw that affects the Command Queue driver on devices with certain MediaTek processors. As XDA Developers pointed out in an investigative piece, the vulnerability was first discovered in February 2019 by a developer looking for a way to root Amazon’s Fire tablets. The developer, known as ‘diplomatic’ on the XDA Forums, later released a script that used the vulnerability to temporarily gain root access on Fire tablets.
It was later discovered that the vulnerability, nicknamed ‘MediaTek-su,’ was also present on many other phones and tablets using MediaTek processors. Here’s the full list of confirmed devices, courtesy of XDA Developers:
- Acer Iconia One 10 B3-A30
- Acer Iconia One 10 B3-A40
- Alba tablet series
- Alcatel 1 5033 series
- Alcatel 1C
- Alcatel 3L (2018) 5034 series
- Alcatel 3T 8
- Alcatel A5 LED 5085 series
- Alcatel A30 5049 series
- Alcatel Idol 5
- Alcatel/TCL A1 A501DL
- Alcatel/TCL LX A502DL
- Alcatel Tetra 5041C
- Amazon Fire 7 2019 (up to Fire OS 6.3.1.2)
- Amazon Fire HD 8 2016 (up to Fire OS 5.3.6.4)
- Amazon Fire HD 8 2017 (up to Fire OS 5.6.4.0)
- Amazon Fire HD 8 2018 (up to Fire OS 6.3.0.1)
- Amazon Fire HD 10 2017 (up to Fire OS 5.6.4.0)
- Amazon Fire HD 10 2019 (up to Fire OS 7.3.1.0)
- Amazon Fire TV 2 (up to Fire OS 5.2.6.9)
- ASUS ZenFone Max Plus X018D
- ASUS ZenPad 3s 10 Z500M
- ASUS ZenPad Z3xxM(F) MT8163-based series
- Barnes & Noble NOOK Tablet 7″ BNTV450 & BNTV460
- Barnes & Noble NOOK Tablet 10.1″ BNTV650
- Blackview A8 Max
- Blackview BV9600 Pro (Helio P60)
- BLU Life Max
- BLU Life One X
- BLU R1 series
- BLU R2 LTE
- BLU S1
- BLU Tank Xtreme Pro
- BLU Vivo 8L
- BLU Vivo XI
- BLU Vivo XL4
- Bluboo S8
- BQ Aquaris M8
- CAT S41
- Coolpad Cool Play 8 Lite
- Dragon Touch K10
- Echo Feeling
- Gionee M7
- HiSense Infinity H12 Lite
- Huawei GR3 TAG-L21
- Huawei Y5II
- Huawei Y6II MT6735 series
- Lava Iris 88S
- Lenovo C2 series
- Lenovo Tab E8
- Lenovo Tab2 A10-70F
- LG K8+ (2018) X210ULMA (MTK)
- LG K10 (2017)
- LG Tribute Dynasty
- LG X power 2/M320 series (MTK)
- LG Xpression Plus 2/K40 LMX420 series
- Lumigon T3
- Meizu M5c
- Meizu M6
- Meizu Pro 7 Plus
- Nokia 1
- Nokia 1 Plus
- Nokia 3
- Nokia 3.1
- Nokia 3.1 Plus
- Nokia 5.1
- Nokia 5.1 Plus/X5
- Onn 7″ Android tablet
- Onn 8″ & 10″ tablet series (MT8163)
- OPPO A5s
- OPPO F5 series/A73 (Android 8.x only)
- OPPO F7 series (Android 8.x only)
- OPPO F9 series (Android 8.x only)
- Oukitel K12
- Protruly D7
- Realme 1
- Sony Xperia C4
- Sony Xperia C5 series
- Sony Xperia L1
- Sony Xperia L3
- Sony Xperia XA series
- Sony Xperia XA1 series
- Southern Telecom Smartab ST1009X (MT8167)
- TECNO Spark 3 series
- Umidigi F1 series
- Umidigi Power
- Wiko Ride
- Wiko Sunny
- Wiko View3
- Xiaomi Redmi 6/6A series
- ZTE Blade A530
- ZTE Blade D6/V6
- ZTE Quest 5 Z3351S
Since MediaTek-su is now a year old, some OEMs have already caught on and patched their devices — Fire OS has been fixed for months, for example. According to research from developer Diplomatic, phones from Vivo, Huawei/Honor, Oppo, and Samsung have kernel modifications in place that prevented the exploit from working in its released form. Furthermore, the exploit only maintained root until the device was rebooted.
Three apps that were reportedly using MediaTek-su to gain root access, which have now been removed from the Play Store (credit: TrendMicro)
This is also one of the rare examples of an Android security vulnerability that has been exploited in the wild. A security report from TrendMicro in January claimed that several now-removed Play Store apps used one of two exploits — MediaTek-su or CVE-2019-2215 (which was fixed in the October patch) — to gain root access if it detected the user’s device was vulnerable. This report was likely how Google discovered the flaw.
Long story short, if you have a phone or tablet with a MediaTek processor, you should install the next system update you get as soon as possible. You can check if your device is vulnerable by running the original root script from XDA — if you enter a root shell (the symbol changes from a $ to a #), the exploit works.
