Skip to main content

Critical bug for MediaTek-powered devices, including Amazon Fire tablets, is already being exploited 'in the wild'

Amazon Fire HD 10
Amazon Fire HD 10 (Image credit: Phil Nickinson / Android Central)

MediaTek makes chips that power millions of devices. Some you've heard of, like the Amazon Fire HD tablet(s) (opens in new tab), others, like the Alcatel Tetra, you probably haven't. Almost all of them have something in common though: a bug in the CPU firmware that allows a simple script "root" the device itself.

This was first found by developers at XDA Forums, and almost every single 64-bit MediaTek CPU is vulnerable unless it's been patched. And some devices are patched since a recent update but the list isn't very long:

  • Samsung has patched its phones
  • Vivo has patched its phones
  • Huawei and Honor phones with Android 8 or higher have been patched
  • Oppo phones with Android 8 or higher have been patched
  • Phones running Android 10 are immune
  • Amazon Fire HD tablets may be patched if they have a specific firmware version.

That leaves a whole lot of unpatched devices with a critical exploit in the system that should have been wiped out a long time ago, as MediaTek released a firmware patch in May 2019 to developers who use the affected chipsets.

The dirty details of the whole thing are a really interesting read, even if you're not "into" Android security. This was originally discovered by XDA developer diplomatic as an easy way to root the Amazon Fire HD tablets, and things progressed from there. Eventually, Google was forced to get involved and worked with the XDA team to release the details in conjunction with a complete system-wide fix for any phone maker that's included as part of the March 2020 Android Security Bulletin.

MediaTek's Helio P95 chipset is here with minor AI and camera tweaks

Many of us aren't going to be affected because we don't use any MediaTek-powered devices, but worldwide we're talking about millions and millions of phones, tablets, and Android-powered set-top boxes. It's a pretty big deal. That doesn't mean that it's going to get fixed in any sort of timely or meaningful way, though.

For all the work MediaTek, XDA developers, and Google have done to matter the company which made your device has to send out an update. Let's be frank here: looking at the list of affected devices (which you can find at Mishaal Rahman's excellent write-up) it's obvious that many will never see this patch. That means it's up to the owners of these devices to be proactive.

  • Only download applications from official app storefronts like Google Play or Amazon's App Store.
  • Read reviews of apps before you install them.
  • Pay attention to all the permissions an app requests and if anything seems fishy, just say no.
  • Remember that the company who made your device left you high and dry when you make your next purchase.

We want everyone's experience to be awesome when they use their phone or tablet. And even though there's a particularly nasty bug in some of them, and it may never be fixed, you still can. Just take a bit of extra time before you install any applications and you can be safe.

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

5 Comments
  • Is their any list to see what Amazon fire hd devices are patched?
  • I noticed that the fire hd 10 android security patch was from October 5, 2018.when I sent an email about the old patch I was to, by way of a generic email, to contact customer support. I don't expect the devices to be patched.
  • Thats why for my Tablet i have an Ipad pro
  • Yeah I'm pretty sure no one asked
  • I have two Fires, an 8 and a 10. Both of them stopped charging unless the USB cable was held in just the right position. Micro USB is awful, as we all know, but the fact that both of them failed at the same time seems... Suspicious? Perhaps auspicious - I'm already thinking of trading them in, now I have another reason. Does the new HD10 with the USB C port have the same problem? What other tablet can compete? Samsung A10 perhaps?