Several Android smartphones and tablets powered by MediaTek chipsets and probably running Android 4.4 Kik kat are vulnerable to security attack that might allow an attacker garner private data including photos, contacts, and even remotely monitor traffic.
The bug was found by researcher Justin Case and he used an Obi Alligator S454 smartphone running MT6582 to show the permission break that triggers a root access.
According to MediaTek via NDTV:
“We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”
“After testing, phone manufacturers should disable the de-bug feature before shipping smartphones. However, after investigation, we found that a few phone manufacturers didn’t disable the feature, resulting in this potential security issue.”
No word on the smartphone model/manufacturer affected, but the company insists that the issue only affects certain manufacturers and it has begun to alert them.
Pending the patch/update, what you can do as a MediaTek user is to ensure you don’t install any unofficial app, also steer clear of sites that might contain a malware.