Android: a flaw in Qualcomm and MediaTek SoCs allows spying on millions of smartphones
Check Point security researchers have discovered three critical security flaws in the audio decoders of chips from Qualcomm and MediaTek. According to them, these vulnerabilities would allow an attacker to remotely access the media and the microphone of targeted mobile devices.
Spying on Android is clearly in season. Since the beginning of April 2022, reports of malware capable of spying on Android smartphone users have multiplied. Recent examples include 11 Play Store applications capable of collecting GPS data and a Russian malware strain capable of reading your SMS messages or listening to your calls.
Today's discovery comes from security researchers at the Israeli firm Check Point. These specialists detected three critical security flaws in the audio decoders of many Qualcomm and MediaTek SoCs. Once exploited, these vulnerabilities could serve as a springboard for Remote Code Execution (RCE) attacks triggered simply by sending a malicious audio file.
“The impact of an RCE vulnerability can range from executing malware to an attacker taking control of a user’s media data, including a compromised machine’s camera streaming,” explain the researchers. They continue: “Additionally, an unprivileged Android application could use these vulnerabilities to elevate its privileges and gain access to users’ media data and conversations.”
Flaws present in the open-source version of Apple Lossless
After investigation, Check Point experts discovered that these flaws are “rooted” in an audio encoding format originally developed by Apple and made open-source in 2011: the Apple Lossless Audio Codec, or ALAC, a codec used for lossless compression of digital music.
Qualcomm and MediaTek have integrated the open-source version of this codec into their own audio decoders for many years. While Apple has constantly updated its proprietary version of the ALAC codec, this is not at all the case with the open-source version. Since being made available on GitHub on October 27, 2011, the codec has not received a single update. After Check Point disclosed the vulnerabilities to the companies concerned, Qualcomm and MediaTek patched all three in December 2021.
“The vulnerabilities were easily exploitable. A threat actor could have sent a song (media file) and, when played by a potential victim, it could have injected code into the privileged media service. The threat actor could have seen what the smartphone user sees on their phone,” summarizes Slava Makkaveev, a researcher at Check Point.
Source: The Hacker News