Linux Vulnerability Leaves 1.4 Billion Android Devices Open to Security Threat: Report

Advertisement
By Shekhar Thakran | Updated: 16 August 2016 20:22 IST
Highlights
  • The security flaw reportedly exists on 80 percent of Android devices
  • The flaw was revealed USENIX Security 2016 conference recently
  • Lookout has suggested use of VPN to avoid being spied upon
Linux Vulnerability Leaves 1.4 Billion Android Devices Open to Security Threat: Report

Just when you might be wrapping your head around that QuadRooter saga, researchers from mobile security firm Lookout have suggested that a newly discovered Linux flaw essentially "allows an attacker to remotely spy on people who are using unencrypted traffic or degrade encrypted connections."

The Linux kernel vulnerability, which was revealed recently in TCP at the USENIX Security 2016 conference, was introduced in version 3.6 of the Linux OS kernel (released in 2012) and exists in all Android smartphones running version 4.4 KitKat or later, as pointed out in the security firm's blog post.

As Lookout points out, that's 80 percent of Android devices according to Google's latest distribution figures, or roughly 1.4 billion devices, based on Statista's figures.

The vulnerability means that attackers would be able to detect communications over a TCP connection, and if unencrypted, even insert malicious code into that traffic. "While a man in the middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack," Lookout said in its blog. Lookout has suggested that Android users should consider using VPN while browsing and also encrypt the communications to prevent them from being spied on.

Advertisement

As the exploit is relatively hard to execute, Lookout has assigned medium severity rating to the flaw but does clarify that the risk of "targeted attacks" is there. The underlying Linux OS kernel vulnerability is classified as CVE-2016-5696, and has been patched.

The security firm has said that even though the patch for the Linux kernel was created on July 11, with the latest developer preview of Android 7.0 Nougat, the kernel doesn't seem to be patched against this particular flaw.

Advertisement

Speaking to Ars Technica, a Google representative said the company was aware of the vulnerability and was "taking the appropriate actions". The representative went on to say that the Android security team rates the risk "moderate," as opposed to "high" or "critical" for many of the vulnerabilities it patches

Note, this is not the first Linux kernel vulnerability that has affected Android in the recent past, with Google in March admitting vulnerabilities in Android code based on Linux kernel versions 3.4, 3.10, and 3.14. The company had made available a patch to OEMs, and worked to remove the vulnerabilities from its own Nexus devices.

Advertisement

Last week, a set of vulnerabilities dubbed as QuadRooter surfaced and was claimed to affect roughly 900 million Android devices. According to researchers if any one of the vulnerabilities is exploited, an attacker can gain root access to the affected device.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Nothing Phone 3 Surfaces on Walmart Website Which Reaffirms Its US Launch
  2. Samsung Galaxy S24 Ultra and Galaxy S24 Price Lowered on Amazon
  1. NASA Chandra Spots Distant X-Ray Jet; Telescope Faces Major Budget Cuts
  2. JWST Reveals Pluto’s Haze Cools Atmosphere, Paints Charon’s Poles Red
  3. Earth’s Oceans Enter Danger Zone Due to Rising Acidification, New Study Warns
  4. Samsung Galaxy S24 Ultra, Galaxy S24 Price Lowered on Amazon With Discounts, Cashback Offers
  5. Maryade Prashne Now Streaming on SunNXT: Everything You Need to Know
  6. Good Wife OTT Release: When and Where to Watch Tamil Legal Drama Online?
  7. Android 16 QPR1 Beta 2 Update for Pixel Reportedly Brings New Launch Animation for Gemini Overlay
  8. Jinn - The Pet OTT Release Date: When and Where to Where to Watch Tamil Horror-Comedy Online?
  9. DD Next Level Now Streaming: Know Where to Watch This Tamil Horror-Comedy
  10. Nothing Phone 3 Listed on Walmart Website, Reaffirming Its Launch in the US
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.