Security warning: Mediatek-based phones could be facing a potential security hole

French blogger Korben has discovered that certain smartphones with Mediatek chipsets seem to shut down and reset themselves upon receiving an equals symbol "=" (without the quotation marks) via text message.

This is not so much a security hole in that there is a risk of data being compromised, but it makes phones vulnerable to remote attacks because being repeatedly spammed with the equals symbol could render a user's phone unusable, or receiving such a text message during a phone call could terminate the call.

An incomplete list of smartphones affected by the flaw is available below:

  • Wiko Stairway
  • Wiko Darkmoon
  • Wiko Dark Side
  • Wiko Darknight
  • Wiko Iggy
  • Wiko Ozzy
  • Wiko Darfull
  • Wiko Cink King
  • Wiko Cink Five
  • Wiko Cink Peax
  • Wiko Cink Peax 2
  • Wiko Cink Slim 
  • Alcatel One Touch Idol X
  • Alcatel One Touch Idol Ultra
  • Alcatel One Touch 997D
  • Alcatel One Touch Pop C3 (4033D)
  • Alcatel One Touch S-Pop (4030D)
  • Alcaltel One Touch Star (6010D)
  • Zopo ZP950
  • Acer Liquid E 2 DUO
  • Fairphone
  • Archos 40 Titanium

You can test if your own Mediatek-based smartphone is susceptible by messaging an equals symbol to yourself.

According to the blog wiity, the solution to this is fairly simple, in that all the user has to do is download an alternative messaging app to handle SMS messages rather than use the standard one that comes with the phones. Still, this is an extremely strange flaw that could prove to be a major hassle if an attacker attempts to exploit it.

Korben discusses and demonstrates the flaw in the video below:

Source: Korben, wiity via GizChina | Image via FunRush

Report a problem with article
Previous Story

Microsoft's making big investments into quantum computing

Next Story

Microsoft launches a new Android handset, the Nokia X2

15 Comments

Commenting is disabled on this article.

Just registered to say that you can add the Motorola RAZR D3 to the list (based on Mediatek MT6577T chipset). I own one and I just tested to send myself a SMS with the "=" and the phone rebooted. Then I assigned Hangouts to handle the SMS and tested again but nothing happened, no reboot. Thanks for the info!

Korben? Korben Dallas? :)

I have a Mediatek based phone. Don't use SMS on it, though.

Edit: Seems my phone is not at risk.

I would think so. Considering that changing the SMS app fixes the problem.

There must be a common link in the software with these phones.

Korben mentioned something about phones with custom firmware such as Cyanogenmod. Unfortunately my French isn't up to par so I couldn't understand if Korben were saying that custom ROM's fix the issue or if it is something in the baseband itself.

It can't be about mediatek, if it would be it would affect EVERY single phone with that mediatek chip but this list shows just about 3 oem's. They probably effed up something on the firmware or custom android.