Apple’s audio codec creates Android security problem

In general, Android and Apple are two very separate brands and operating systems, but the two have now become so close that a security problem has arisen. That’s because of a weakness in ALAC. ALAC is the Apple Lossless Audio Codec. Here’s what that has to do with Android devices and what the status of this security issue is now.

ALAC

ALAC has been used by Apple since 2004 and it is purely intended to send audio over the Internet without losing any quality of music, which makes the quality of the audio significantly better than if it were not there. However, this Apple-brewed codec is also available in an open source version on Android and which the processors of Qualcomm and MediaTek use. However, they use a variant that dates back to 2011 and has not been updated since.

If there is a weakness in that Android ALAC, a faulty Android app can abuse it and, for example, gain access to data and the microphone of your smartphone. This allows such an app to listen in on your telephone conversations and ambient sounds. The weak is registered via Qualcomm under CVE-2021-30351, while MediaTek has registered CVE-2021-0674 and CVE-2021-0675 for this.

Weakness in Android

Check Point Research (CPR) has discovered the vulnerabilities and is now warning about the potential problems that could arise. After all, someone can remotely hear what you are saying or go through your media on your phone, but it is also not inconceivable that malware is executed or that the camera is used without the owner of the phone being aware of this. . The vulnerability is known as ‘ALHACK’ and would be present on at least two-thirds of all smartphones sold in 2021.

The question, of course, is: what now? After CPR notified Qualcomm and MediaTek, the companies created patches to address the issue. Those were already released in December 2021 by both Qualcomm and MediaTek, so you don’t have to worry about them anymore, as long as you keep your device up to date.

How do you feel about these chip makers using tech that hasn’t been updated in over a decade?