Is your Android phone at risk?

If it's been a while since you updated your phone, your device may be vulnerable to a malicious backdoor software attack.

Associated Press

May 2, 2022, 3:01 PM

Updated 814 days ago

Share:

Is your Android phone at risk?
By Paul Rose Jr. for Wealth of Geeks
It's almost the time of year (May) when Google rolls out their latest annual Android operating system update. Some users were expecting it to come sooner this year, in part to combat the overheating issue, as well as the Android Auto bug. Thankfully, Google is finally releasing Android 13 Beta 1. But for two-thirds of Android users, a larger problem looms - ALHACK.
To be clear, a patch to fix the vulnerability has already been issued by major phone chip manufacturers Qualcomm and MediaTek, as of December 2021. But if it's been a while since you updated your phone, your device may still be vulnerable to a malicious backdoor software attack.

Wait, There's Apple in my Android?

To fully understand the problem, we have to go back to 2011. That's when Apple open-sourced the codec for lossless audio. Released in 2004, the Apple Lossless Audio Codec, or ALAC was designed to give the best digital audio sound from the smallest size file possible. It's what allowed compressed audio files to be played on iPhones and iPods, as well as Macs, at professional level sound quality.
While they would sometimes be a serious drain on the battery, the file size was half of that of an uncompressed record, allowing many more songs to be saved. In 2011, Apple released the codec details on the Apache license server, and many other companies snatched it up to improve their operating systems and chipsets.

Back Door Vulnerability

Unfortunately, an unexpected side effect of using the ALAC codec as released was the ability for hackers to use a malformed audio file to game the system. The audio file that appears to be damaged opens the phone to remote access.
Hackers don't have to be anywhere near the phone to execute it, granting them access to your device, including listening in on conversations and even streaming live video. The Remote Code Execution (RCE) attack also allowed hackers to change device privileges, giving them access to data saved on the phone that even the user can't see.
While Apple has constantly updated and reworked their in-house ALAC codec over the years, they never updated the open source. Therefore, the vulnerability was left undiscovered until Check Point Research discovered it and reached out to Qualcomm and MediaTek. Thankfully, the two major tech companies quickly acted to protect their users.

The Fix is In

Patches that repaired the codec were issued in December of 2021, and sent through to phone manufacturers, allowing them to update the coded before more phones were sent out. But that still leaves millions of Android phones made and sold in 2021 that could still be at risk. Especially if you're more cautious about updating to Beta releases or just in the dark about the danger to your technology.
Regardless of your usual approach, experts are recommending that all Android users download the latest security updates, at the very least to protect their devices. By the way, there's a possibility of Google releasing Android 13 Beta 2 in late May, so now would be the time to update and avoid any new bugs being discovered.
Hopefully this will serve as a lesson to the top two Android chip manufacturers to not cut corners and double check all of the tech they work on, rather than passing that risk off onto the eventual consumer. It's not a price Android phone users should have to pay.


More from News 12
1:26
Riverhead BOE approves plan to bring resource officers to schools

Riverhead BOE approves plan to bring resource officers to schools

2:02
Cloudy skies, muggy conditions and rain showers on Long Island

Cloudy skies, muggy conditions and rain showers on Long Island

0:29
Bay Shore Assembly of God school to close following summer session

Bay Shore Assembly of God school to close following summer session

0:50
Nassau Democratic legislators to start blocking Blakeman from borrowing money

Nassau Democratic legislators to start blocking Blakeman from borrowing money

0:27
Farmingdale parent files lawsuit in connection to deadly bus crash

Farmingdale parent files lawsuit in connection to deadly bus crash

4:23
Sen. Bob Menendez to resign from office Aug. 20 following corruption conviction

Sen. Bob Menendez to resign from office Aug. 20 following corruption conviction

0:26
Police: Suspect wanted for robbing Stop & Shop in East Meadow

Police: Suspect wanted for robbing Stop & Shop in East Meadow

0:28
Police: Suspect arrested for burglarizing Macy’s at Green Acres Mall multiple times

Police: Suspect arrested for burglarizing Macy’s at Green Acres Mall multiple times

0:18
Volunteers plant trees at Oakdale facility for people with developmental disabilities

Volunteers plant trees at Oakdale facility for people with developmental disabilities

1:45
Long Beach School Board renews talks to close elementary school following survey results

Long Beach School Board renews talks to close elementary school following survey results

0:23
Police: Third teen arrested for causing $600K in damage to Shelter Island home

Police: Third teen arrested for causing $600K in damage to Shelter Island home

2:01
Pilot, passenger from Virginia identified as victims in MacArthur Airport crash

Pilot, passenger from Virginia identified as victims in MacArthur Airport crash

1:04
Smithtown boy returns home from South Carolina after being stranded from global tech outage

Smithtown boy returns home from South Carolina after being stranded from global tech outage

1:59
Police: 2 men arrested for running construction scam targeting older adults in Floral Park

Police: 2 men arrested for running construction scam targeting older adults in Floral Park

1:38
Optimum donates $2,500 to Henry Viscardi School following wheelchair basketball game

Optimum donates $2,500 to Henry Viscardi School following wheelchair basketball game

1:43
Roosevelt man accused of series of crimes that resulted in injuries to 2 Nassau County officers

Roosevelt man accused of series of crimes that resulted in injuries to 2 Nassau County officers

1:50
New mental health clinic opens at NUMC

New mental health clinic opens at NUMC

0:18
Police: 3 men wanted for stealing $6,000 worth of sunglasses in Lake Grove

Police: 3 men wanted for stealing $6,000 worth of sunglasses in Lake Grove

0:20
Big Lots to close stores nationwide, including 2 locations on Long Island

Big Lots to close stores nationwide, including 2 locations on Long Island

0:16
Riverhead police chief announces departure from department

Riverhead police chief announces departure from department