ANDROID users are being warned over a flaw in their devices that could let hackers listen in on your call from the first time you turn it on.

Threat actors could target Android devices that are running on Qualcomm and MediaTek chipsets – who are two of the largest chip providers in the world.

Hackers could listen in on your phone calls due to a flaw in Android devices

1

Hackers could listen in on your phone calls due to a flaw in Android devicesCredit: Getty

Security experts at Check Point Research said two thirds of all smartphones sold in 2021 were vulnerable to the flaw.

This is due to both of these chipsets possessing a compromised Apple Lossless Audio Codec (ALAC) code in their audio decoders.

ALAC is an audio coding format for audio compression that was originally open-sourced by Apple in 2011.

The company responsible releases updates and security fixes for the software, however not every vendor that uses the software reportedly applies this.

A vulnerability of this sort can allow hackers to use remote code execution (RCE) to access a device without gaining physical access to it.

RCE attacks are considered very serious because their impact can range from malware execution to a hacker gaining total control over a device.

This means that threat actors can access personal files, messages, photos, and even a phone camera’s streaming functionality.

Speaking about the threat, Check Point said: “The ALAC issues our researchers found could be used by an attacker for remote code execution attack (RCE) on a mobile device through a malformed audio file. RCE attacks allow an attacker to remotely execute malicious code on a computer.

Most read in Tech

“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.

“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”

Bleeping Computer report that threat actors can take advantage of the vulnerability by sending a maliciously crafted audio file which the victim is tricked into opening.

For this reason, experts are recommending users update their Android devices immediately.

To update your Android device, go to your Settings > About Phone > Check for Updates.

Kim 'has NO integrity for friendship with abuser' Joe Francis, director says
How Orsolya Gaal's 'killer' was under surveillance by NYPD for DAYS

If an update is available, an ‘Update’ button should appear, simply tap it and then hit ‘Install’.

Also not, depending on your phone’s operating system, you may also see ‘Install Now’, ‘Reboot and install’, or ‘Install System Software’.

This post first appeared on Thesun.co.uk

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Octopath Traveler 2: Tips for beginners

OCTOPATH Traveler was a game with a lot of complexity, and its…

I Found My Chosen Family on Social Media

Six months after I first posted on Instagram, I left my husband…

Scam: Britons in lockdown targeted with fake texts claiming they must pay a fine for breaching rules

Britons are being targeted by scammers with fraudulent calls and text messages…

The 13 Best Running Gear (2020): Shoes, Clothes, Accessories

And finally, if you’re just starting to run, you’re probably going to…