Author Topic: MediaTek System On Chip - mtklogger malware (Read 6401 times)

TallTim · « **on:** June 06, 2018, 05:40:24 pm »

Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

Murple2 · « **Reply #1 on:** June 07, 2018, 03:21:21 am »

Quote from: TallTim

Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

There was discussion around this a month or so back, I came to the conclusion I wasn't too worried - no more than I am about the inclusion of hardware backdoors on every electronic device I own. If you were super paranoid you could sniff outbound traffic from the gemini (the ethernet adapter may be the easiest way to do this) but even this isn't fool proof.
I took a pragmatic approach and downloaded "Engineer Mode MTK" from the play store which allowed me to disable a whole load of logs (which were already switched off anyway). Of course, maybe this app is malicious and I have made my device less secure.

I think I'll stick to pen and paper from now on...

mibry · « **Reply #2 on:** June 07, 2018, 04:47:10 am »

Quote from: Murple2

Quote from: TallTim
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

There was discussion around this a month or so back, I came to the conclusion I wasn't too worried - no more than I am about the inclusion of hardware backdoors on every electronic device I own. If you were super paranoid you could sniff outbound traffic from the gemini (the ethernet adapter may be the easiest way to do this) but even this isn't fool proof.
I took a pragmatic approach and downloaded "Engineer Mode MTK" from the play store which allowed me to disable a whole load of logs (which were already switched off anyway). Of course, maybe this app is malicious and I have made my device less secure.

I think I'll stick to pen and paper from now on...

If you are really worried about the mtklogger process then best to install the rooted version of the fireware and use a firewall like AFWALL+, it is available in the play store.

Murple2 · « **Reply #3 on:** June 07, 2018, 09:08:08 am »

Quote

If you are really worried about the mtklogger process then best to install the rooted version of the fireware and use a firewall like AFWALL+, it is available in the play store.

I don't want to be a party pooper but rooting your device has security implications too.

joepirello · « **Reply #4 on:** June 07, 2018, 10:23:27 am »

I just froze the mtklogger app using TitaniumBackup. That should render it useless.

depscribe · « **Reply #5 on:** June 07, 2018, 11:22:31 am »

Quote from: TallTim

Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

It's not a keylogger, but in some respects it is just as bad, collecting a lot of information and if not phoning home with it at least leaving it exposed. Here's what NIST has to say:

https://nvd.nist.gov/vuln/detail/CVE-2016-10135

covex · « **Reply #6 on:** October 26, 2018, 03:17:40 pm »

Quote from: depscribe

Quote from: TallTim
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDA's are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.
It's not a keylogger, but in some respects it is just as bad, collecting a lot of information and if not phoning home with it at least leaving it exposed. Here's what NIST has to say:

https://nvd.nist.gov/vuln/detail/CVE-2016-10135

Here you can find how to check and set off the mtklogger:

https://www.reddit.com/r/geminipda/comments...f_the_firmware/

News:

Author Topic: MediaTek System On Chip - mtklogger malware (Read 6401 times)