Is your Android phone at risk?

If it's been a while since you updated your phone, your device may be vulnerable to a malicious backdoor software attack.

Associated Press

May 2, 2022, 3:01 PM

Updated 804 days ago

Share:

Is your Android phone at risk?
By Paul Rose Jr. for Wealth of Geeks
It's almost the time of year (May) when Google rolls out their latest annual Android operating system update. Some users were expecting it to come sooner this year, in part to combat the overheating issue, as well as the Android Auto bug. Thankfully, Google is finally releasing Android 13 Beta 1. But for two-thirds of Android users, a larger problem looms - ALHACK.
To be clear, a patch to fix the vulnerability has already been issued by major phone chip manufacturers Qualcomm and MediaTek, as of December 2021. But if it's been a while since you updated your phone, your device may still be vulnerable to a malicious backdoor software attack.

Wait, There's Apple in my Android?

To fully understand the problem, we have to go back to 2011. That's when Apple open-sourced the codec for lossless audio. Released in 2004, the Apple Lossless Audio Codec, or ALAC was designed to give the best digital audio sound from the smallest size file possible. It's what allowed compressed audio files to be played on iPhones and iPods, as well as Macs, at professional level sound quality.
While they would sometimes be a serious drain on the battery, the file size was half of that of an uncompressed record, allowing many more songs to be saved. In 2011, Apple released the codec details on the Apache license server, and many other companies snatched it up to improve their operating systems and chipsets.

Back Door Vulnerability

Unfortunately, an unexpected side effect of using the ALAC codec as released was the ability for hackers to use a malformed audio file to game the system. The audio file that appears to be damaged opens the phone to remote access.
Hackers don't have to be anywhere near the phone to execute it, granting them access to your device, including listening in on conversations and even streaming live video. The Remote Code Execution (RCE) attack also allowed hackers to change device privileges, giving them access to data saved on the phone that even the user can't see.
While Apple has constantly updated and reworked their in-house ALAC codec over the years, they never updated the open source. Therefore, the vulnerability was left undiscovered until Check Point Research discovered it and reached out to Qualcomm and MediaTek. Thankfully, the two major tech companies quickly acted to protect their users.

The Fix is In

Patches that repaired the codec were issued in December of 2021, and sent through to phone manufacturers, allowing them to update the coded before more phones were sent out. But that still leaves millions of Android phones made and sold in 2021 that could still be at risk. Especially if you're more cautious about updating to Beta releases or just in the dark about the danger to your technology.
Regardless of your usual approach, experts are recommending that all Android users download the latest security updates, at the very least to protect their devices. By the way, there's a possibility of Google releasing Android 13 Beta 2 in late May, so now would be the time to update and avoid any new bugs being discovered.
Hopefully this will serve as a lesson to the top two Android chip manufacturers to not cut corners and double check all of the tech they work on, rather than passing that risk off onto the eventual consumer. It's not a price Android phone users should have to pay.


More from News 12
2:11
FBI investigating Trump rally attack as potential act of domestic terrorism

FBI investigating Trump rally attack as potential act of domestic terrorism

1:55
HEAT ALERT: Hot and humid Monday in the Hudson Valley; feels-like temps near 100

HEAT ALERT: Hot and humid Monday in the Hudson Valley; feels-like temps near 100

5:30
In prime-time address, Biden warns of election-year rhetoric, saying ‘it’s time to cool it down’

In prime-time address, Biden warns of election-year rhetoric, saying ‘it’s time to cool it down’

1:40
Chappaqua reacts to assassination attempt on former President Trump

Chappaqua reacts to assassination attempt on former President Trump

1:54
Reps. Lawler, Torres to introduce bill enhancing Secret Service protection for presidential candidates

Reps. Lawler, Torres to introduce bill enhancing Secret Service protection for presidential candidates

2:07
A look back at US political violence that changed history

A look back at US political violence that changed history

2:31
Pace professor weighs political rhetoric, gun control in wake of Trump rally shooting

Pace professor weighs political rhetoric, gun control in wake of Trump rally shooting

4:10
EXCLUSIVE INTERVIEW: Trump rally attendee gives his eyewitness account of the shooting

EXCLUSIVE INTERVIEW: Trump rally attendee gives his eyewitness account of the shooting

1:40
Chappaqua reacts to assassination attempt on former President Trump

Chappaqua reacts to assassination attempt on former President Trump

2:37
Security increased at Trump Tower following rally shooting

Security increased at Trump Tower following rally shooting

1:59
Hudson Valley officials condemn violence following Trump rally shooting

Hudson Valley officials condemn violence following Trump rally shooting

2:27
Political analyst weighs in on gun violence in wake of Trump rally shooting

Political analyst weighs in on gun violence in wake of Trump rally shooting

1:34
Political analyst: Shooting at Trump rally will bring changes to 2024 Presidential Election

Political analyst: Shooting at Trump rally will bring changes to 2024 Presidential Election

2:03
Poll: More than 40% of women skip or delay medical screenings and appointments

Poll: More than 40% of women skip or delay medical screenings and appointments

0:36
New Rochelle PD: Teen killed in fiery car crash at Golden Horseshoe Shopping Center

New Rochelle PD: Teen killed in fiery car crash at Golden Horseshoe Shopping Center

1:54
Overnight fire closes Delite Bake Shop in Yonkers

Overnight fire closes Delite Bake Shop in Yonkers

2:23
‘New York’s backyard jam.’ Music lovers flock to Pleasantville Music Festival

‘New York’s backyard jam.’ Music lovers flock to Pleasantville Music Festival

1:55
NYPD: 3-year-old fatally struck in Harlem was from New Rochelle

NYPD: 3-year-old fatally struck in Harlem was from New Rochelle

0:30
Wake services held for Port Chester police officer killed in an off-duty motorbike crash

Wake services held for Port Chester police officer killed in an off-duty motorbike crash

0:35
NY Office of Cannabis Management issues recall for ‘Sky High’ brand marijuana products

NY Office of Cannabis Management issues recall for ‘Sky High’ brand marijuana products