Linux flaw 'leaves 80 per cent of Android devices vulnerable to spying' -TEISS® : Cracking Cyber Security


Linux flaw ‘leaves 80 per cent of Android devices vulnerable to spying’

Nearly 80 per cent of Android devices could be vulnerable to a flaw that lets hackers read unencrypted internet traffic.

Security researchers from Lookout say a previously reported TCP exploit also affects devices running Android 4.4 KitKat and above, which use Linux kernel 3.6.

The flaw means attackers could spy on users without the traditional man-in-the-middle method, whereby they must first compromise their victims' networks.

The Linux TCP vulnerability was originally revealed by experts from the University of California and US Army Research Laboratory at the USENIX Security conference.

It allows attackers to remotely spy on people using unencrypted connections, or to degrade encrypted connections, putting users’ privacy at risk.

Although a man-in-the-middle attack is not required, the researchers pointed out that the hackers still need to know a source and destination IP address.

Lookout said a patch for the Linux kernel was released on July 11th, but the most recent developer preview of Android Nougat does not seem to be patched.

“This is most likely because the patch was not available prior to the most recent Android update,” the researchers wrote in a blog post.

Ultimately the Linux kernel needs to be updated, and Google is expected to do this soon. In the meantime, users are advised to ensure their traffic is encrypted.

“If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack,” they wrote.

“CISOs should be aware that this new vulnerability affects their Linux environments, Linux-based server connections (e.g. to popular websites), in addition to Android devices.

“Enterprises are encouraged to check if any of the traffic to their services (e.g. email) is using unencrypted communications. If so, targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents or other files.”

For more on the flaw, see the Lookout blog.

Photo © Scott Akerman (CC BY 2.0). Cropped.


