If you are an Android user, your phone was at risk of remote attack. This article looks at the severity of the threat and what you can do to make sure your phone is secure. So if you are an Android user, read on!
Three vulnerabilities found in Qualcomm and MediaTek chipsets were finally fixed late last year, but two-thirds of Android devices were at risk of an attacker gaining access to media and voice chats. Both Qualcomm and MediaTek use the Apple Lossless Audio Codec (ALAC), which enables lossless compression of digital music streams.
Just over a decade ago, Apple made ALAC open source, allowing the format to be used on non-Apple devices, including Android phones. Several updates have been made since, but the open-source code has not been fixed since 2011.
Researchers at the Israeli security firm Check Point Research found that attackers could exploit the vulnerabilities to carry out a remote code execution (RCE) attack. Check Point wrote in its blog that “The impact of an RCE vulnerability can range from executing malware to an attacker who takes control of a user’s media data, including streaming from a compromised machine’s camera.” In addition, a low-privilege Android application can exploit these vulnerabilities to increase its privileges and access users' multimedia information and conversations.
The vulnerability affected the Qualcomm and MediaTek chipsets
Check Point Research found that Qualcomm and MediaTek ported the vulnerable ALAC code into their audio decoders, which it says are used in more than half of all smartphones worldwide. Check Point points out that the latest figures from IDC show that 48.1% of all Android phones in the United States are equipped with a MediaTek chipset, and 47% use Qualcomm.
Check Point passed on the information it collected to both Qualcomm and MediaTek. MediaTek assigned two Common Vulnerabilities and Exposures (CVE) identifiers, CVE-2021-0674 and CVE-2021-0675, to the ALAC vulnerabilities, which it had already fixed and published in the December 2021 MediaTek Security Bulletin. Qualcomm released a fix for CVE-2021-30351 in the December 2021 Qualcomm Security Bulletin.
Security researcher Slava Makkaveev, who discovered the vulnerabilities along with Netanel Ben Simon, said the vulnerabilities could be exploited easily. on his mobile phone “