A major security flaw affecting almost all Android smartphones has been discovered, which could potentially allow hackers to remotely access and control a smartphone’s camera and microphone.
The bug, discovered by Check Point Research, found a vulnerability in the audio decoders on Qualcomm and MediaTek chips; an unprivileged Android app could then use this security hole to change its privileges, then access a user’s camera and microphone and intercept their communications.
Check Point Research revealed the vulnerability today (April 22), but had previously revealed the issue to MediaTek and Qualcomm, who patched their firmware in December 2021.
Almost all Android phones are affected
Together, Qualcomm and MediaTek’s chips power nearly 95 percent of all Android smartphones in the United States, according to IDC.
This particular exploit involves the Apple Lossless Audio Codec (ALAC), which was launched in 2004. While Apple has updated its proprietary version of the decoder, the shared code has not been patched since 2011, according to Check Point Research. It was this code that Qualcomm and MediaTek used for their audio encoders.
Before a firmware update was released, a hacker could implant a malicious code audio file on a vulnerable Android smartphone so they could access the camera and microphone.
What you can do
As always, to ensure that your device is protected, make sure that its firmware and operating system are fully up-to-date and that you have installed any security patches. You should also avoid downloading or installing apps or files from unreliable sources or unofficial app marketplaces. For an extra layer of security, you can also install one of the best Android antivirus apps.