Is your Android phone at risk?

If it's been a while since you updated your phone, your device may be vulnerable to a malicious backdoor software attack.

Associated Press

May 2, 2022, 3:01 PM

Updated 814 days ago

Share:

Is your Android phone at risk?
By Paul Rose Jr. for Wealth of Geeks
It's almost the time of year (May) when Google rolls out their latest annual Android operating system update. Some users were expecting it to come sooner this year, in part to combat the overheating issue, as well as the Android Auto bug. Thankfully, Google is finally releasing Android 13 Beta 1. But for two-thirds of Android users, a larger problem looms - ALHACK.
To be clear, a patch to fix the vulnerability has already been issued by major phone chip manufacturers Qualcomm and MediaTek, as of December 2021. But if it's been a while since you updated your phone, your device may still be vulnerable to a malicious backdoor software attack.

Wait, There's Apple in my Android?

To fully understand the problem, we have to go back to 2011. That's when Apple open-sourced the codec for lossless audio. Released in 2004, the Apple Lossless Audio Codec, or ALAC was designed to give the best digital audio sound from the smallest size file possible. It's what allowed compressed audio files to be played on iPhones and iPods, as well as Macs, at professional level sound quality.
While they would sometimes be a serious drain on the battery, the file size was half of that of an uncompressed record, allowing many more songs to be saved. In 2011, Apple released the codec details on the Apache license server, and many other companies snatched it up to improve their operating systems and chipsets.

Back Door Vulnerability

Unfortunately, an unexpected side effect of using the ALAC codec as released was the ability for hackers to use a malformed audio file to game the system. The audio file that appears to be damaged opens the phone to remote access.
Hackers don't have to be anywhere near the phone to execute it, granting them access to your device, including listening in on conversations and even streaming live video. The Remote Code Execution (RCE) attack also allowed hackers to change device privileges, giving them access to data saved on the phone that even the user can't see.
While Apple has constantly updated and reworked their in-house ALAC codec over the years, they never updated the open source. Therefore, the vulnerability was left undiscovered until Check Point Research discovered it and reached out to Qualcomm and MediaTek. Thankfully, the two major tech companies quickly acted to protect their users.

The Fix is In

Patches that repaired the codec were issued in December of 2021, and sent through to phone manufacturers, allowing them to update the coded before more phones were sent out. But that still leaves millions of Android phones made and sold in 2021 that could still be at risk. Especially if you're more cautious about updating to Beta releases or just in the dark about the danger to your technology.
Regardless of your usual approach, experts are recommending that all Android users download the latest security updates, at the very least to protect their devices. By the way, there's a possibility of Google releasing Android 13 Beta 2 in late May, so now would be the time to update and avoid any new bugs being discovered.
Hopefully this will serve as a lesson to the top two Android chip manufacturers to not cut corners and double check all of the tech they work on, rather than passing that risk off onto the eventual consumer. It's not a price Android phone users should have to pay.


More from News 12
1:36
Manchester police release 911 calls made by woman after boyfriend shoots her

Manchester police release 911 calls made by woman after boyfriend shoots her

2:31
STORM WATCH: Mostly cloudy today with steady batch of rain for New Jersey

STORM WATCH: Mostly cloudy today with steady batch of rain for New Jersey

2:13
Gov. Murphy facing time crunch in decision for Menendez replacement

Gov. Murphy facing time crunch in decision for Menendez replacement

1:50
Lead pipe replacements for thousands finally begins in Paterson

Lead pipe replacements for thousands finally begins in Paterson

0:15
Officials: Hudson County man gets 45 years in prison for 2018 homicide

Officials: Hudson County man gets 45 years in prison for 2018 homicide

Water main break shuts down two lanes eastbound on Route 37 in Toms River

Water main break shuts down two lanes eastbound on Route 37 in Toms River

1:39
Newark Liberty International Airport travelers still impacted by worldwide outage days later

Newark Liberty International Airport travelers still impacted by worldwide outage days later

0:34
Authorities identify driver killed in Route 3 truck crash and explosion in Clifton

Authorities identify driver killed in Route 3 truck crash and explosion in Clifton

0:56
Attorney General's Office: Driver was person who died in East Orange multivehicle crash

Attorney General's Office: Driver was person who died in East Orange multivehicle crash

2:06
Union City residents react to news Sen. Menendez is resigning

Union City residents react to news Sen. Menendez is resigning

0:18
NJ man faces up to 5 years in prison for stealing air conditioners from shopping center

NJ man faces up to 5 years in prison for stealing air conditioners from shopping center

1:26
Son finds his mom stabbed to death in their Edison home; suspect charged with murder

Son finds his mom stabbed to death in their Edison home; suspect charged with murder

2:10
July 24, 2024 drought details and comparison for New Jersey, New York

July 24, 2024 drought details and comparison for New Jersey, New York

0:31
Prosecutors: Palisades Park police officer arrested for assaulting woman multiple times, child endangerment

Prosecutors: Palisades Park police officer arrested for assaulting woman multiple times, child endangerment

1:46
Jersey Shore deli owner, infectious disease doctor explain how to keep safe from listeria amid outbreak

Jersey Shore deli owner, infectious disease doctor explain how to keep safe from listeria amid outbreak

0:28
Husband and wife sentenced for running fake medical practice in Old Bridge

Husband and wife sentenced for running fake medical practice in Old Bridge

0:35
Authorities: Mount Laurel man admits to possession of pipe bombs found in 2023 traffic stop

Authorities: Mount Laurel man admits to possession of pipe bombs found in 2023 traffic stop

0:20
Ewing woman sues Wawa after falling in open parking lot manhole

Ewing woman sues Wawa after falling in open parking lot manhole

4:23
Sen. Bob Menendez to resign from office Aug. 20 following corruption conviction

Sen. Bob Menendez to resign from office Aug. 20 following corruption conviction

1:27
What's Cooking: Uncle Giuseppe's Marketplace's shrimp with leeks and beans

What's Cooking: Uncle Giuseppe's Marketplace's shrimp with leeks and beans