Warning for Android users over flaw which can let hackers listen in on calls

ANDROID users are being warned over a flaw in their devices that could let hackers listen in on your call from the first time you turn it on.

Threat actors could target Android devices that are running on Qualcomm and MediaTek chipsets – who are two of the largest chip providers in the world.


Hackers could listen in on your phone calls due to a flaw in Android devicesCredit: Getty

Security experts at Check Point Research said two thirds of all smartphones sold in 2021 were vulnerable to the flaw.

This is due to both of these chipsets possessing a compromised Apple Lossless Audio Codec (ALAC) code in their audio decoders.

ALAC is an audio coding format for audio compression that was originally open-sourced by Apple in 2011.

The company responsible releases updates and security fixes for the software, however not every vendor that uses the software reportedly applies this.

A vulnerability of this sort can allow hackers to use remote code execution (RCE) to access a device without gaining physical access to it.

RCE attacks are considered very serious because their impact can range from malware execution to a hacker gaining total control over a device.

This means that threat actors can access personal files, messages, photos, and even a phone camera’s streaming functionality.

Speaking about the threat, Check Point said: “The ALAC issues our researchers found could be used by an attacker for remote code execution attack (RCE) on a mobile device through a malformed audio file. RCE attacks allow an attacker to remotely execute malicious code on a computer.

“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.

“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”

Bleeping Computer report that threat actors can take advantage of the vulnerability by sending a maliciously crafted audio file which the victim is tricked into opening.

For this reason, experts are recommending users update their Android devices immediately.

To update your Android device, go to your Settings > About Phone > Check for Updates.

Kim 'has NO integrity for friendship with abuser' Joe Francis, director says
How Orsolya Gaal's 'killer' was under surveillance by NYPD for DAYS

If an update is available, an ‘Update’ button should appear, simply tap it and then hit ‘Install’.

Also not, depending on your phone’s operating system, you may also see ‘Install Now’, ‘Reboot and install’, or ‘Install System Software’.

Source link

Denial of responsibility! insideheadline is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave A Reply

Your email address will not be published.