Check Point Research (CPR) found vulnerabilities in Android
Check Point Research (CPR) found vulnerabilities in decoders
Check Point Research (CPR), Check Point’s Threat Intelligence department, discovered vulnerabilities in the audio decoders used by Qualcomm and MediaTek, the world’s two largest chip makers.
Left uncorrected, these flaws would allow remote attacks against multimedia files and voice chats. CPR estimates that two-thirds of the world’s smartphones remain vulnerable. According to the investigation, the vulnerable code is based on code shared by Apple 11 years ago.
The flaws were found in the Apple Lossless Audio Codec (ALAC), also known as Apple Lossless. ALAC is an audio encoding format developed by Apple Inc. and first introduced in 2004 for lossless compression of digital audio. Apple has since made the software open source, and the ALAC format has been incorporated into many non-Apple audio devices and applications, including Android smartphones and Windows and Linux media players and converters.
“We found a number of vulnerabilities that could be used to remotely execute and grant rights to two-thirds of the world’s mobile devices. And the vulnerabilities could be easily exploited. what the user saw,” says Slava Makkaveev, a researcher and expert in reverse engineering and security research from the Check Point Research division.
“In our proof of concept, we were able to steal camera power from a smartphone. What is the most sensitive information we may have on our mobile devices? I think they are multimedia files: audio and video. An attacker could steal them through these vulnerabilities,” Makkaveev added.
To stay protected, CPR researchers recommend that users update their operating systems regularly, as Google releases security updates for Android every month.
Hackers break into Samsung and steal the source code of the Galaxy
The hackers of the Lapsus$ group have claimed responsibility for a new attack on a technology company, this time Samsung. The company said the group made off with source code for the Galaxy line. The South Korean company also said the attack would not affect its business or its customers’ personal information.
The South American hacker group Lapsus$ gained global attention in recent days when it hacked into Nvidia, the graphics card developer, and stole, among emails and other confidential documents, the source code of the company’s DLSS feature, a unique tool for improving image quality.
In Brazil, the group became known for breaking into the systems of the Ministry of Health and taking down the ConecteSUS application, which gave Brazilian citizens access to their vaccination data.
At least 200GB of stolen data has been verified. Samsung said the stolen source code is used in the encryption and biometric unlock functions of Galaxy phones. It is not yet known what the criminals intend to do with the data, whether they intend to exploit the vulnerability found or to sell it.
In a statement to the American publication Bloomberg, Samsung said:
“Certain internal company information has been compromised. According to our original analysis, the hack contains source code related to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. At this time, do not expect us to events will continue and we will continue to serve our customers without interruption.”