Massive Android hack compromises device cameras and microphones

Android users around the world are facing the threat of being attacked after a security issue was uncovered that leaves a device’s microphone and camera vulnerable to remote access.

Writing about its discovery, Check Point Software Technologies said hackers could leverage the vulnerability to snoop on users’ audio/video media and even listen in on phone calls.

The phones that are most prone to danger are ones that have Qualcomm or MediaTek chips. Unfortunately, 98% of Android devices are powered by those two processors, so the impact could be enormous.

Closing the vulnerability

The Check Point researchers stated that they disclosed their findings to both chipmakers, and each company has apparently patched the security issue. However, anyone who has an Android device will need to update their system software to keep their device secure.

Failing to apply the update could be especially dangerous since all it would take is for a hacker to send someone a doctored audio file to compromise their device.

“The…issues our researchers found could be used by an attacker for remote code execution attack (RCE) on a mobile device through a malformed audio file,” the researchers explained. “RCE attacks allow an attacker to remotely execute malicious code on a computer. The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.

“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”