Android smartphones at danger due to Apple Lossless codec open-source availability, pre-analysis thankfully saved the users from the security threat

Findings from the CheckPoint Research (CPR) team unveil a massive security threat to millions of mobile phone users all over the world. According to CPR, android phones that are embedded with semiconductors produced by Qualcomm Snapdragon and MediaTek companies are exposed to serious security threats.

Leading smartphone brands such as Samsung, Xiaomi and other android devices are using Qualcomm and MediaTek chips for wireless communication and all of these device users are vulnerable to arbitrary code execution, meaning media files are exposed to threat actors and the device’s security becomes compromised. Cybercriminals can gain access to the phone’s camera and mic through an audio decoder. For those who don’t know, an Audio codec or simply an Audio decoder is a software that can encode or decode digital data. With the unpatched audio decoder, an attacker can steal the phone’s gallery and audio by using a corrupt media file. As per CPR, three-quarters of the overall mobile phone users can become vulnerable to remote execution by a threat actor. Malformed audio can be sent to the user in the form of a song or breaking news, and when the receiver plays the song, a remote execution code is transferred to the phone’s privileged media. This can lead to serious consequences. The victim’s data is no longer saved. Threat actors can exploit the data, can see what the user is watching, and gain access to private audio and videos. Concurrently, a deprived privacy app escalates and leverages to keep an eye on users’ conversations.

In addition to it, iPhone, Mac, and several android devices that use Apple Lossless Audio Codec (ALAC) were also at a huge risk of security threats identified by Check Point security analyst Slava Makkaveev. ALAC, which is Apple’s music compression technology, launched in 2004 and become accessible in most non-Apple devices in 2011 when Apple made it open-source for the greater benefit of the community. These codecs are available in Apple’s music playlist of over 75 million songs and enable users to listen to the exact artist’s audio by removing redundancies from the files. Apple's Lossless shared code hasn't yet been patched since 2011, making MediaTek and Qualcomm semiconductors vulnerable to security threats.

To stop this escalation of unprivileged media, CPR coordinated with the chip-making companies to fix the security issues by updating patches in all android phones. In this way, pre-analysis of security threats by CPR saved users from vulnerabilities.

Read next: Hello Passkeys, Goodbye Passwords: Android Is Introducing Password- Replacing Keys That Will Be In Sync With Your Google Account
Previous Post Next Post