Warning for Android users over flaw which can let hackers listen in on calls

ANDROID users are being warned over a flaw in their devices that could let hackers listen in on calls from the first time you turn it on.

Threat actors could target Android devices that are running on Qualcomm and MediaTek chipsets – who are two of the largest chip providers in the world.

Hackers could listen in on your phone calls due to a flaw in Android devices


Hackers could listen in on your phone calls due to a flaw in Android devicesCredit: Getty

Security experts at Check Point Research said two thirds of all smartphones sold in 2021 were vulnerable to the flaw.

This is due to both of these chipsets possessing a compromised Apple Lossless Audio Codec (ALAC) code in their audio decoders.

ALAC is an audio coding format for audio compression that was originally open-sourced by Apple in 2011.

The company responsible releases updates and security fixes for the software, however not every vendor that uses the software reportedly applies this.

A vulnerability of this sort can allow hackers to use remote code execution (RCE) to access a device without gaining physical access to it.

RCE attacks are considered very serious because their impact can range from malware execution to a hacker gaining total control over a device.

This means that threat actors can access personal files, messages, photos, and even a phone camera’s streaming functionality.

Speaking about the threat, Check Point said: “The ALAC issues our researchers found could be used by an attacker for remote code execution attack (RCE) on a mobile device through a malformed audio file. RCE attacks allow an attacker to remotely execute malicious code on a computer.

“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.

“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”

Bleeping Computer report that threat actors can take advantage of the vulnerability by sending a maliciously crafted audio file which the victim is tricked into opening.

For this reason, experts are recommending users update their Android devices immediately.

To update your Android device,…