According to Justin Case, this is due to a backdoor in MediaTek’s software that was opened up for carriers in China to test the device on their networks. However it seems that after testing, several OEMs who were using MediaTek’s chipsets forgot to close the door and had shipped their phones out without realizing it, hence leading to the security flaw that could potentially provide hackers with a way in.
Unfortunately MediaTek did not disclose who these OEMs were, but they did acknowledge the issue. According to a MediaTek spokesperson, “We are aware of this issue and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a de-bug feature created for telecommunication inter-operability testing in China.”
They also said that they have since notified all OEMs of the potential issue, so from here on out we guess it’s up to these OEMs to issue a patch to close the door. “While this issue affected certain manufacturers, it also only affected a portion of devices for those manufacturers. We have taken steps to alert all manufacturers and remind them of this important feature.”