AI is on a continuum between helpful and harmful. Iff we know how AI is used. Thus today's warning.
Any Android smartphone smart tablet can be totally (kernel level takeover) by receiving an audio message. Not reading, just receiving an audio message. No clicks, no open of the audio message, no playing of the message, no interaction.
Why?
A vulnerability in the Dolby audio decoder. An audio decoder in almost every Android device. When receiving an audio message via any means, the decoder decodes the message for transcription using AI.
A recent change. Now that audio decoder is exposed to the internet and any attacker.
So, with AI the audio message can be transcribed, translated, searched, indexed, ...
Yeah but with AI on your Android device and a malicious audio message delivered with no notice or interaction AND more and more apps using Android AI features - not good.
Chaining this vulnerability with a vulnerability in BigWave (a hardware video decoding) the attacker has full kernel level control and access. Access like camera, microphone, files, Internet access, ...
Clever attackers? No, the attackers used AI to develop the attack. Google's AI developed an attack on Google Android platform.
The same Dolby audio decoder is used on iPhones and Macs but with a compile switch to prevent the vulnerability.
Please check your android device and any recent security updates.
No comments:
Post a Comment