Linux Flaw Puts 1.4 Billion Android Devices at Risk


A Linux flaw that allows an attacker to hijack a target’s internet traffic via a TCP connection exploit also impacts about 4 in 5 Android devices – nearly 1.4 billion Android devices – security researchers have discovered.

A previously discovered Linux flaw that allowed attackers to spy on secure communications without the use of traditional “man-in-the-middle” attacks has also been discovered to impact nearly 80% of all activated Android devices in the world.

The Linux flaw, originally discovered by researchers from the US Army Research Laboratory and the University of California, lets attackers obtain unencrypted traffic and degrade encrypted traffic to snoop on their targets.

Security firm Lookout explains on its blog that the attacker would still need to know the source and destination IP address in order to pull off the attack.

Since Android’s source code is based on Linux, the platform is fundamentally vulnerable to the same flaw.

Lookout explains:

We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9% of the Android ecosystem.

While the patch for the Linux kernel was released on July 11, 2016, the most recent developer preview of Android's newest operating system, Android N or Nougat, does not contain the patch.

Android devices will ultimately need their Linux kernels updated to patch the flaw. Until then, the security firm is recommending a few interim fixes, in the hope that a patch is released with the official Android N release.

Chief among the remedies is the suggestion to encrypt all internet traffic and communications. Apps and websites are advised to use HTTPS with TLS. A virtual private network is also recommended.

“We are not aware of PoCs exploiting this new vulnerability and anticipate Google will patch in the next Android monthly patch. In the meantime, we will continue to monitor for exploits,” added the advisory from Lookout.


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.