The unfortunate truth.
Some Android smartphones running on Qualcomm and MediaTek processors are vulnerable to remote hacking through a vulnerability in certain audio files.
The problem lies in the ALAC (Apple Lossless Audio Codec) audio codec, which allows you to compress and then play audio files with minimal loss of sound quality. Seeing the word Apple in the name of the codec, many will think that this codec is installed on Apple devices like iPhone, iPad and Macbook. So it is, but it was used not only in them. The fact is that the very first version of this codec was actually developed by Apple and has been used since 2004. In 2011, Apple decided to provide everyone with the codes for this codec and posted a special version of ALAC in the public domain (here). Many have started using it. Including for Android smartphones. Over the years, Apple has continued to develop and improve this codec for its own products, and the publicly available free version of the codec remained unchanged. For all the time that has passed since the opening of access to the free version of the ALAC codec, Apple has never updated it! Not surprisingly, during this time, hackers found “holes” in the codec and used them for their dirty deeds.
How an Android smartphone is hacked
This is how attackers act. They send an infected audio file to the victim’s Android smartphone. Or the victim can download this infected music file from the Internet under the guise of something worthwhile. When this file is played on an Android smartphone, malicious code is executed that can change the smartphone’s settings and gain access to both the microphone and the camera. In other words, hackers can access both voice and video conversations.
How to protect yourself
This problem was called ALHACK and was fixed by Qualcomm and MediaTek at the end of 2021 in the next updates. All you need is check available updates on your Android device and install them. To install updates on Android go to smartphone settings and check if you can upgrade to the latest software version.
Is it Apple’s fault?
You can hardly blame Apple for not updating the absolutely free version of the ALAC audio codec. But claims can be made against processor manufacturers Qualcomm and MediaTek. Indeed, due to the initially incorrect checking of audio frames during the playback of ALAC files in smartphones with these processors, a “hole” in security arose. But no one is immune from mistakes, and only those who do nothing do not make mistakes.
We recommend that all Android device owners update their smartphones as updates become available.
In May 2022, a report will be read at the CanSecWest conference on how widely hackers were able to exploit this vulnerability.
It can be useful:
Share
Put 5 stars at the bottom of the article if you like this topic.
Follow us on Telegram, In contact withand Yandex.Zen.
The post Android can be hacked through audio files appeared first on Gamingsym.