Is your Android phone at risk?

2daec5ae 4aad 4c6f ada5 46501f8c27ee
61215849 8492 4ab0 822e a2bf301f5c03

By Paul Rose Jr. for Wealth of Geeks

It’s almost the time of year (May) when Google rolls out its latest annual Android OS update. Some users expected it to arrive earlier this year, partly to combat the overheating issue, as well as the Android Auto bug. Thankfully, Google is finally releasing Android 13 Beta 1. But for two-thirds of Android users, a bigger problem looms: ALHACK.

To be clear, a patch to fix the vulnerability was already released by major phone chipmakers Qualcomm and MediaTek, in December 2021. But if it’s been a while since you’ve updated your phone, your device may still be vulnerable to a malicious backdoor. software attack.

Wait, there’s Apple in my Android?

To fully understand the problem, you have to go back to 2011. That’s when Apple opened up the codec for lossless audio. Released in 2004, the Apple Lossless Audio Codec, or ALAC, was designed to deliver the best digital audio sound from the smallest file possible. This is what made it possible to play compressed audio files on iPhone and iPod, as well as Mac, with professional-grade sound quality.

READ MORE:  The iPhone 14 should steal this one feature from the OnePlus Nord N20

While they sometimes seriously drained the battery, the file size was half that of an uncompressed recording, allowing many more songs to be saved. In 2011, Apple released the codec details on the Apache license server, and many other companies picked it up to improve their operating systems and chipsets.

Backdoor Vulnerability

Unfortunately, an unexpected side effect of using the ALAC codec as released was the ability for hackers to use a malformed audio file to trick the system. The audio file that appears to be damaged opens the phone to remote access.

READ MORE:  iPhone 13 spring case collection sees first discounts, more- 9to5Mac

Hackers don’t need to be near the phone to run it, which gives them access to your device, including listening to conversations and even streaming live video. The remote code execution (RCE) attack also allowed hackers to modify device privileges, giving them access to data stored on the phone that even the user cannot see.

While Apple has constantly updated and reworked its internal ALAC codec over the years, they have never updated open source. Therefore, the vulnerability was not discovered until Check Point Research discovered it and contacted Qualcomm and MediaTek. Fortunately, the two big tech companies acted quickly to protect their users.

The fix is ​​in place

Patches that fixed the codec were released in December 2021 and sent to phone manufacturers, allowing them to update the code before more phones were sent. But that still leaves millions of Android phones made and sold in 2021 that could still be at risk. Especially if you are more cautious about updating to beta versions or just ignore the danger to your technology.

READ MORE:  We could see the first full screen, notchless iPhone as soon as 2024

Whatever your usual approach, experts recommend that all Android users download the latest security updates, at the very least to protect their devices. By the way, it is possible that Google will release Android 13 Beta 2 at the end of May, so it would be time to update and avoid the discovery of new bugs.

Hopefully, this will serve as a lesson to the two major Android chipmakers not to cut corners and double-check every technology they work on, rather than pass that risk on to the prospective consumer. This is not a price Android phone users should have to pay.

Source link

Leave a Comment