Android Authority According to a report from security company CheckPoint, millions of Android users are at risk of being exposed to danger without knowing it.
Specifically, a report from security company CheckPoint indicates that hackers can take advantage of the vulnerability to play a malicious audio file and execute the code remotely, from there. gain control of the media data on the device. This method even allows hackers to stream data directly from the user’s camera.
This vulnerability comes from an audio format called ALAC (Apple Lossless Audio Codec)developed by Apple since 2004. By 2011, this format was moved to open source, allowing other manufacturers to use it as well.
Many mobile chip manufacturers, including Qualcomm and MediaTek also use source code from ALAC for their on-chip audio codecs.
This means, sSmartphones using Qualcomm and MediaTek chips can be hacked remote code execution (RCE) based on exploits regarding the ALAC format.
According to Android Authority, RCE is considered the most dangerous attack method because it does not require physical access to the device and can be performed remotely.
About two-thirds of smartphones sold in 2021 may be at risk due to this security flaw
“MediaTek and Qualcomm use the ALAC audio codec in many smartphone devices, which puts millions of Android users at risk to privacy.“, the CheckPoint report said.
According to CheckPoint, about two-thirds of smartphones sold in 2021 may be at risk due to this security flaw.
Qualcomm and MediaTek said that they have released patches for this vulnerability since December 2021. To avoid being attacked by hackers from this security hole, Android device users are advised to immediately update the software to the latest version.
Android device users are advised to immediately update the software to the latest version
In addition, “if you receive audio files from an unknown source, it is best not to open them to avoid becoming the victim of a remote attack,” according to the report. BleepingComputer.