Threat Category: Malicious or privacy-invasive application
ID: APP-41
Threat Description: An attacker who can place or answer calls without the device user’s knowledge could remotely record audio from within the vicinity of the device without directly accessing the device microphone.
Threat Origin
An investigation of Chrysaor Malware on Android 1
Exploit Examples
An investigation of Chrysaor Malware on Android 1
CVE Examples
Not Applicable
Possible Countermeasures
To prevent data collection using the device microphone, install a protective cover over the device which reliably blocks sound from being picked up when features requiring use of the microphone are not in use. Alternatively, turn off the device or do not take it into areas in which audio collection is a main concern.
To reduce the potential for such an exploit for which a security patch is available, ensure OS security updates are installed in a timely fashion.
EnterpriseTo reduce the potential for such an exploit for which a security patch is available, ensure OS security updates are installed in a timely fashion.
References