Author Topic: MediaTek System On Chip - mtklogger malware  (Read 3058 times)

TallTim

« on: June 06, 2018, 05:40:24 pm »
Ran across a blog post on Medium that referenced MediaTek's SoC and what he describes as a "keylogger" mtklogger as part of the package.

Reference - https://medium.com/@chpapa/review-after-two...ne-7dd8b550609a

If this is accurate, how exactly do we trust this in its default state as Gemini PDAs are shipped, and how do you remove/fix this?

If this is not the proper forum, I apologize, thought hardware may be the best area.

Thanks in advance for any guidance on this.

Murple2

« Reply #1 on: June 07, 2018, 03:21:21 am »
There was discussion around this a month or so back; I came to the conclusion I wasn't too worried - no more than I am about the inclusion of hardware backdoors on every electronic device I own. If you were super paranoid you could sniff outbound traffic from the Gemini (the Ethernet adapter may be the easiest way to do this) but even this isn't foolproof.
I took a pragmatic approach and downloaded "Engineer Mode MTK" from the Play Store, which allowed me to disable a whole load of logs (which were already switched off anyway). Of course, maybe this app is malicious and I have made my device less secure.

I think I'll stick to pen and paper from now on...
« Last Edit: June 07, 2018, 03:22:08 am by Murple2 »

mibry

« Reply #2 on: June 07, 2018, 04:47:10 am »
If you are really worried about the mtklogger process, then it is best to install the rooted version of the firmware and use a firewall like AFWall+; it is available in the Play Store.

Murple2

« Reply #3 on: June 07, 2018, 09:08:08 am »
Quote
If you are really worried about the mtklogger process, then it is best to install the rooted version of the firmware and use a firewall like AFWall+; it is available in the Play Store.

I don't want to be a party pooper but rooting your device has security implications too.

joepirello

« Reply #4 on: June 07, 2018, 10:23:27 am »
I just froze the mtklogger app using TitaniumBackup. That should render it useless.

depscribe

« Reply #5 on: June 07, 2018, 11:22:31 am »
It's not a keylogger, but in some respects it is just as bad, collecting a lot of information and if not phoning home with it at least leaving it exposed. Here's what NIST has to say:

https://nvd.nist.gov/vuln/detail/CVE-2016-10135
dep

Atari Portfolio (yes, it still works and yes, I bought it new)
Libretto 110 CT (with docking station and all kinds of PCMCIA stuff)
And, now, a Gemini and, fortunately, a GPD Pocket

covex

« Reply #6 on: October 26, 2018, 03:17:40 pm »
Here you can find how to check and set off the mtklogger:

https://www.reddit.com/r/geminipda/comments...f_the_firmware/
Gemini PDA 4G, MTK Helio x27, keyboard layout CZ, Gemini-7.1-Planet-08102018-V2