A major security flaw affecting nearly every Android smartphone has been discovered, which could potentially allow hackers to remotely access and control a smartphone's camera and microphone.
The flaw, discovered by Check Point Research (opens in new tab), found a vulnerability in the audio decoders of Qualcomm and MediaTek chips; an unprivileged Android app could then use this security hole to change its privileges, then access a user's camera and microphone and eavesdrop on their communications.
Check Point Research revealed the vulnerability today (April 22), but had previously disclosed the issue to MediaTek and Qualcomm, which patched their firmware in December 2021.
Nearly all Android phones affected
Together, Qualcomm and MediaTek's chips power nearly 95 percent of all Android smartphones in the U.S., according to IDC (opens in new tab).
This particular exploit involves the Apple Lossless Audio Codec (ALAC), which was launched in 2004. While Apple has updated its proprietary version of the decoder, the shared code has not been patched since 2011, according the Check Point Research. It was this code that Qualcomm and MediaTek used for their audio decoders.
Prior to releasing a firmware update, if an attacker were to implant an audio file with malicious code onto a vulnerable Android smartphone, they could then access the camera and microphone.
What you can do
As always, to make sure your device is protected, check to see that its firmware and operating system are fully updated, and that you have installed any security patches. You should also avoid downloading or installing any apps or files from untrusted sources or unofficial app marketplaces. For an additional layer of security, you can also install one of the best android antivirus apps.