Skip to main content

Nearly all Android phones at risk of attack — what to do

Android malware
(Image credit: Shuterstock)

A major security flaw affecting nearly every Android smartphone has been discovered, which could potentially allow hackers to remotely access and control a smartphone's camera and microphone. 

The flaw, discovered by Check Point Research, found a vulnerability in the audio decoders of Qualcomm and MediaTek chips; an unprivileged Android app could then use this security hole to change its privileges, then access a user's camera and microphone and eavesdrop on their communications. 

Check Point Research revealed the vulnerability today (April 22), but had previously disclosed the issue to MediaTek and Qualcomm, which patched their firmware in December 2021.

Nearly all Android phones affected

Together, Qualcomm and MediaTek's chips power nearly 95 percent of all Android smartphones in the U.S., according to IDC

This particular exploit involves the Apple Lossless Audio Codec (ALAC), which was launched in 2004. While Apple has updated its proprietary version of the decoder, the shared code has not been patched since 2011, according the Check Point Research. It was this code that Qualcomm and MediaTek used for their audio decoders. 

Prior to releasing a firmware update, if an attacker were to implant an audio file with malicious code onto a vulnerable Android smartphone, they could then access the camera and microphone. 

What you can do

As always, to make sure your device is protected, check to see that its firmware and operating system are fully updated, and that you have installed any security patches. You should also avoid downloading or installing any apps or files from untrusted sources or unofficial app marketplaces. For an additional layer of security, you can also install one of the best android antivirus apps

Michael A. Prospero is the deputy editor at Tom’s Guide. He oversees the Homes, Smart Home, and Fitness/Wearables categories, but also tests out the latest standing desks, webcams, drones, and electric scooters. He has worked at Tom's Guide for many a year; before that, he was the Reviews Editor for Laptop Magazine, a reporter at Fast Company, and, many eons back, an intern at George magazine. When he’s not testing out the latest running watch, electric scooter, or skiing or training for a marathon, he’s probably using the latest sous vide machine, smoker, or pizza oven, to the delight or chagrin of his family.