Linux Bug ‘Lets Attackers Target Billions Of Android Devices’

About 80 percent of Android mobile devices are affected by a Linux flaw that could allow attackers to intercept communications and obtain sensitive information, researchers said.

The bug, disclosed last week at the Usenix security conference in Austin, Texas, affects about 1.4 billion devices, according to researchers at mobile security firm Lookout.

Communications flaw

The bug, which lies in the Transmission Control Protocol (TCP) implementation, has been present since version 3.6 of the Linux kernel, released in 2012, and Lookout found that it is present in Android 4.4 (“KitKat”) and all later versions, including the latest developer preview of Android Nougat.

“The issue should be concerning to Android users as attackers are able to execute this spying without traditional ‘man-in-the-middle’ attacks,” Lookout said in an advisory. “CISOs should be aware that this new vulnerability affects their Linux environments and Linux-based server connections (e.g. to popular websites) in addition to Android devices.”

While the bug is difficult to exploit – meaning it presents only a “moderate” risk – it could be used in targeted attacks to intercept sensitive information that hasn’t been encrypted, Lookout said.

“Targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents, or other files,” Lookout stated.

Attackers could inject malicious code into unencrypted traffic, for instance sending a user a script that would present a false login window in order to obtain security credentials, researchers said.

Patching issues

While most Linux systems can be patched using routine procedures, the bug presents more of a risk for Android devices, which in many cases have sluggish or nonexistent patching processes.

While awaiting Android patches, Lookout said organisations can mitigate the bug’s risk by encrypting their communications or, on rooted devices, executing a command via the sysctl tool that makes the bug more difficult to exploit.
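As an added example, not part of the article and not Lookout's own advisory text, the shell check below shows what that interim hardening looks like on a Linux host. It assumes the sysctl in question is `net.ipv4.tcp_challenge_ack_limit` (the kernel's per-second cap on TCP challenge ACKs, which defaults to 100), that raising it to 999999999 is the value to apply, and that any limit at or above that value counts as hardened; the threshold and the replacement value are this example's choices, not figures from the page.

```shell
#!/bin/sh
# Added example (not from the article or from Lookout): report whether a Linux host
# has raised the kernel's TCP challenge-ACK rate limit. The sysctl name is real; the
# recommended value and the "hardened" threshold below are this example's assumptions.

SYSCTL_KEY="net.ipv4.tcp_challenge_ack_limit"
PROC_PATH="/proc/sys/net/ipv4/tcp_challenge_ack_limit"
KERNEL_DEFAULT=100              # value shipped by the kernel
RECOMMENDED_LIMIT=999999999     # assumed hardening value for this example

# Return 0 (true) when the supplied limit is at or above RECOMMENDED_LIMIT,
# 1 when it is below, and 2 when the argument is not a non-negative integer.
challenge_ack_limit_hardened() {
    limit="$1"
    case "$limit" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$limit" -ge "$RECOMMENDED_LIMIT" ]
}

# Print the live value from /proc if this host exposes it; print nothing otherwise.
current_challenge_ack_limit() {
    [ -r "$PROC_PATH" ] && cat "$PROC_PATH"
}

# Print a one-line verdict for the value given as $1, or for the live value when
# no argument is supplied. Exit status: 0 hardened, 1 exposed, 3 unknown.
report_challenge_ack_limit() {
    limit="${1:-$(current_challenge_ack_limit)}"
    if [ -z "$limit" ]; then
        echo "unknown: $PROC_PATH is not readable on this host"
        return 3
    fi
    if challenge_ack_limit_hardened "$limit"; then
        echo "hardened: $SYSCTL_KEY=$limit"
        return 0
    fi
    echo "exposed: $SYSCTL_KEY=$limit (kernel default is $KERNEL_DEFAULT); raise it with:"
    echo "  sysctl -w $SYSCTL_KEY=$RECOMMENDED_LIMIT"
    echo "  and persist the setting in /etc/sysctl.conf or /etc/sysctl.d/ to survive reboots"
    return 1
}

# When run as a script: pass a value to evaluate, or nothing to inspect this host.
report_challenge_ack_limit "$@"
```

Run it with no arguments on a host to read the live value, or pass a number to evaluate a value collected elsewhere (for example from a fleet inventory). The exit status is the verdict, so it drops straight into a configuration-audit job; on Android the same knob sits under `/proc/sys/net/ipv4/`, but changing it requires root, which is why the article limits this mitigation to rooted devices.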

Lookout said it expects Google to release an Android patch in its next monthly update, and Google confirmed in a statement that it is aware of the issue and is “taking the appropriate actions”.

The bug, designated CVE-2016-5696, was disclosed last week by researchers from the University of California, Riverside and the US Army Research Laboratory, and a patch was released last month.


Matthew Broersma

Matt Broersma is a long-standing technology freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
