Linux Bug ‘Lets Attackers Target Billions Of Android Devices’

About 80 percent of Android mobile devices are affected by a Linux flaw that could allow attackers to intercept communications and obtain sensitive information, researchers said.

The bug, disclosed last week at the Usenix security conference in Austin, Texas, affects about 1.4 billion devices, according to mobile security firm Lookout.

Communications flaw

The bug, which affects the Transmission Control Protocol (TCP), was discovered in version 3.6 of the Linux kernel, released in 2012, and Lookout found that it is present in Android 4.4 (“KitKat”) and all later versions, including the latest developer preview of Android Nougat.

“The issue should be concerning to Android users as attackers are able to execute this spying without traditional ‘man-in-the-middle’ attacks,” Lookout said in an advisory. “CISOs should be aware that this new vulnerability affects their Linux environments and Linux-based server connections (e.g. to popular websites) in addition to Android devices.”

While the bug is difficult to exploit – meaning it presents only a “moderate” risk – it could be used in targeted attacks to intercept sensitive information that hasn’t been encrypted, Lookout said.

“Targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents, or other files,” Lookout stated.

Attackers could inject malicious code into unencrypted traffic, for instance sending a user a script that would present a false login window in order to obtain security credentials, researchers said.

Patching issues

While most Linux systems can be patched using routine procedures, the bug presents more of a risk for Android devices, which in many cases have sluggish or nonexistent patching processes.

While awaiting Android patches, Lookout said organisations can mitigate the bug’s risk by encrypting their communications or, on rooted devices, executing a command via the sysctl tool that makes the bug more difficult to exploit.
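The kernel setting behind that sysctl workaround is `net.ipv4.tcp_challenge_ack_limit`, the rate limit on TCP challenge ACKs whose side channel CVE-2016-5696 exploits; raising it to a very large value is the mitigation that was widely recommended for this CVE. The POSIX shell script below is an added example written for this page, not code from the article, from Lookout or from the kernel project: it classifies a limit value as hardened or default-like and, when run with `check`, reads the live value from the running system. The threshold `HARDENED_MIN` is an assumption chosen so that the kernel default of 100 per second is flagged and the commonly recommended 999999999 passes.

```shell
#!/bin/sh
# Added example: report whether the CVE-2016-5696 sysctl mitigation is in place.
# Assumes the kernel exposes net.ipv4.tcp_challenge_ack_limit (Linux 3.6 and later).
# HARDENED_MIN is an assumed threshold, not a value from the article or the advisory.

HARDENED_MIN=1000000

# challenge_ack_status VALUE
# Prints "hardened", "default-like" or "invalid" for the given limit value.
# Always returns 0 so it is safe to call under `set -e`.
challenge_ack_status() {
    val="$1"
    case "$val" in
        ''|*[!0-9]*) echo "invalid"; return 0 ;;
    esac
    if [ "$val" -ge "$HARDENED_MIN" ]; then
        echo "hardened"
    else
        echo "default-like"
    fi
    return 0
}

# read_live_limit
# Prints the running kernel's value, or nothing if it cannot be read
# (for example on a non-Linux host or an unrooted Android shell).
read_live_limit() {
    sysctl -n net.ipv4.tcp_challenge_ack_limit 2>/dev/null \
        || cat /proc/sys/net/ipv4/tcp_challenge_ack_limit 2>/dev/null \
        || true
}

# Only touch the live system when invoked as: sh check_challenge_ack.sh check
if [ "${1:-}" = "check" ]; then
    live="$(read_live_limit)"
    if [ -z "$live" ]; then
        echo "net.ipv4.tcp_challenge_ack_limit is not readable on this system"
        exit 2
    fi
    status="$(challenge_ack_status "$live")"
    echo "net.ipv4.tcp_challenge_ack_limit=$live ($status)"
    if [ "$status" != "hardened" ]; then
        # Temporary mitigation on a rooted or root-capable host; the real fix is the kernel patch.
        echo "Mitigation (as root): sysctl -w net.ipv4.tcp_challenge_ack_limit=999999999"
        exit 1
    fi
fi
```

The script exits 1 when the limit is still default-like, so it can be dropped into a fleet audit; the raised limit is a stopgap that only makes the side channel noisier to exploit, and the patched kernel remains the actual fix.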

Lookout said it expects Google to release an Android patch in its next monthly update, and Google confirmed in a statement that it is aware of the issue and is “taking the appropriate actions”.

The bug, designated CVE-2016-5696, was disclosed last week by researchers from the University of California, Riverside and the US Army Research Laboratory, and a patch was released last month.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
