Microchip bugs expose millions of Androids to remote spying

Microchip bugs expose millions of Androids to remote spying

The audio decoders in Qualcomm and MediaTek chips have been found to have three security flaws that, if unpatched, could allow an adversary to listen in on media and audio conversations on affected mobile devices.


Check Point, an Israeli cybersecurity firm, says the flaws could be exploited by sending a specially crafted audio file to perform remote code execution (RCE) attacks.


In a report shared with The Hacker News, researchers stated that "the impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera."


"Also, an unprivileged Android app could exploit these vulnerabilities to gain access to media data and user conversations."


Audio coding format developed and open-sourced by Apple in 2011 is the source of the vulnerabilities. The audio codec format, also known as Apple Lossless or the Apple Lossless Audio Codec (ALAC), is used to compress digital music without sacrificing quality.


As a result, several third-party vendors, including Qualcomm and MediaTek, have used the reference audio codec implementation provided by Apple to build their own audio decoders.


The open-source version of ALAC, on the other hand, has received no updates since it was uploaded to GitHub on October 27, 2011, despite the fact that Apple has consistently patched and resolved security flaws in its proprietary version.


Two of the flaws in MediaTek processors and one in Qualcomm chipsets have been linked to this ported ALAC code, according to Check Point.


CVE-2021-0674 (CVSS score: 5.5, MediaTek) - A case of improper input validation in ALAC decoder leading to information disclosure without any user interaction

CVE-2021-0675 (CVSS score: 7.8, MediaTek) - A local privilege escalation flaw in ALAC decoder stemming from out-of-bounds write

CVE-2021-30351 (CVSS score: 9.8, Qualcomm) - An out-of-bounds memory access due to improper validation of the number of frames being passed during music playback


Slava Makkaveev, the security researcher who discovered the flaws with Netanel Ben Simon, said the flaws made it possible to "steal the phone's camera stream" in a proof of concept exploit devised by Check Point.


All three flaws were patched in December 2021 as a result of timely disclosures by the respective chipset manufacturers.


In Makkaveev's words, "the vulnerabilities were easily exploitable." "By sending a song (media file), a threat actor could infect a victim's privileged media service with malware. In theory, the threat actor could have seen the mobile phone user's display on their device." 

0 Comments

Your suggestions and comments are welcome

Post a Comment

Your suggestions and comments are welcome

Post a Comment (0)

Previous Post Next Post