Qualcomm and MediaTek, two of the biggest chipmakers in the world, have been found to have used vulnerable technology in smartphones that could have led to privacy violations of Android users.
Check Point Research (CPR) discovered a number of vulnerabilities in the Apple Lossless Audio Codec (ALAC), a component responsible for compressing audio data, that could have led to users’ calls and stored images being accessed by cyber attackers.
The researchers believe that more than two-thirds of the world’s Android smartphones were vulnerable to the attacks at some point.
The vulnerabilities were found in the ALAC code which Apple made open source in 2011; the ALAC has since been installed in a wide variety of non-Apple audio playback devices and programmes - not just Android smartphones, CPR said.
Apple has since updated the code since it went open source, but the code in question had not been updated since 2011 and both Qualcomm and MediaTek ported the vulnerable ALAC code into their audio decoders.
Attackers could have used the vulnerabilities to conduct a remote code execution (RCE) attack on smartphones by sending victims a malformed audio file, the researchers said, but will not unveil full details of how the vulnerabilities can be exploited until they are presented at the CanSecWest conference in May.
RELATED RESOURCE
“We've discovered a set of vulnerabilities that could be used for remote execution and privilege escalation on two-thirds of the world's mobile devices,” said Slava Makkaveev, reverse engineering and security research, at CPR. “The vulnerabilities were easily exploitable. A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service.
“The threat actor could have seen what the mobile phone user sees on their phone. In our proof of concept, we were able to steal the phone's camera stream. What is the most sensitive information on your phone? I think it's your media: audio and videos. An attacker could have stolen that through these vulnerabilities. The vulnerable decoder is based on the code shared by Apple 11 years ago.”
MediaTek tracks both vulnerabilities as CVE-2021-0674 and CVE-2021-0675, scoring 5.5 and 7.8 out of ten on the CVSSv3 threat severity scale, and were patched by the company in December 2021.
Qualcomm tracks the security vulnerability as CVE-2021-30351, scoring 9.8, a critical rating, and affected a score of Snapdragon products. Qualcomm patched the issue in December 2021 and CPR waited until this week to publish details to allow users time to patch.
CPR recommends all Android users regularly patch their phones to the latest version that Google issues on a monthly basis.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
GPU memory vulnerability could allow hackers to access LLM responses - and Apple, Qualcomm, and AMD products were all at riskNews The GPU memory vulnerability could've left large language models wide open to exploitation by threat actors
-
APIs: Understanding the business benefits and riskswhitepaper What you need to know about potential data exposure from APIs
-
Apple patches actively exploited iPhone, iPad zero-day and 18 other security flawsNews The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code execution
-
Businesses on alert as mobile malware surges 500%News Researchers say hackers are deploying new tactics that put Android and iOS at equal risk
-
Apple fixes array of iOS, macOS zero-days and code execution security flawsNews The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of devices
-
Trend Micro Worry-Free Business Security review: Great cloud-managed malware protectionReviews A reassuringly simple endpoint-protection solution – although mobile support is basic
-
Over 300,000 Android users downloaded banking trojan malwareNews Hackers defeated Google Play restrictions by using smaller droppers in apps and eliminating permissions needed
-
Flaw in Android phones could let attackers eavesdrop on callsNews The vulnerable chips are thought to be present in 37% of all smartphones worldwide
