Linux Vulnerability Leaves 1.4 Billion Android Devices Open to Security Threat: Report

Advertisement
By Shekhar Thakran | Updated: 16 August 2016 20:22 IST
Highlights
  • The security flaw reportedly exists on 80 percent of Android devices
  • The flaw was revealed USENIX Security 2016 conference recently
  • Lookout has suggested use of VPN to avoid being spied upon
Linux Vulnerability Leaves 1.4 Billion Android Devices Open to Security Threat: Report

Just when you might be wrapping your head around that QuadRooter saga, researchers from mobile security firm Lookout have suggested that a newly discovered Linux flaw essentially "allows an attacker to remotely spy on people who are using unencrypted traffic or degrade encrypted connections."

The Linux kernel vulnerability, which was revealed recently in TCP at the USENIX Security 2016 conference, was introduced in version 3.6 of the Linux OS kernel (released in 2012) and exists in all Android smartphones running version 4.4 KitKat or later, as pointed out in the security firm's blog post.

As Lookout points out, that's 80 percent of Android devices according to Google's latest distribution figures, or roughly 1.4 billion devices, based on Statista's figures.

The vulnerability means that attackers would be able to detect communications over a TCP connection, and if unencrypted, even insert malicious code into that traffic. "While a man in the middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack," Lookout said in its blog. Lookout has suggested that Android users should consider using VPN while browsing and also encrypt the communications to prevent them from being spied on.

Advertisement

As the exploit is relatively hard to execute, Lookout has assigned medium severity rating to the flaw but does clarify that the risk of "targeted attacks" is there. The underlying Linux OS kernel vulnerability is classified as CVE-2016-5696, and has been patched.

The security firm has said that even though the patch for the Linux kernel was created on July 11, with the latest developer preview of Android 7.0 Nougat, the kernel doesn't seem to be patched against this particular flaw.

Advertisement

Speaking to Ars Technica, a Google representative said the company was aware of the vulnerability and was "taking the appropriate actions". The representative went on to say that the Android security team rates the risk "moderate," as opposed to "high" or "critical" for many of the vulnerabilities it patches

Note, this is not the first Linux kernel vulnerability that has affected Android in the recent past, with Google in March admitting vulnerabilities in Android code based on Linux kernel versions 3.4, 3.10, and 3.14. The company had made available a patch to OEMs, and worked to remove the vulnerabilities from its own Nexus devices.

Advertisement

Last week, a set of vulnerabilities dubbed as QuadRooter surfaced and was claimed to affect roughly 900 million Android devices. According to researchers if any one of the vulnerabilities is exploited, an attacker can gain root access to the affected device.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. iPhone 17 Might Offer the Screen Upgrade We've Been Waiting For
  1. Kedarnath Yatra Helicopter Booking Online Scam: Uttarakhand Police STF Reportedly Cracks Down on Cybercriminals
  2. Microsoft's Xbox Handheld Plans Reportedly Shelved; Company to Optimise Windows 11 Gaming Performance
  3. Disney+ Expands Subscriber Perks, Including Movie Premieres
  4. Google, DOJ to Make Final Push in US Search Antitrust Case
  5. Realme GT 7, Realme GT 7T With 7,000mAh Batteries Go on Sale in India: Price, Specifications, Sale Offers
  6. Vivo T4 Ultra Launch in India Teased; Company Hints at Periscope Telephoto Camera With 100x Zoom
  7. Perplexity Labs Launched With Ability to Generate Spreadsheets, Reports and Create Web Apps
  8. Oppo Find N5 Flip Reportedly in Development, Schematics Hint at Updated Design With New Camera Layout
  9. Vivo TWS Air 3 With Spatial Audio, Up to 45-Hour Battery Life Launched: Price, Specifications
  10. iPhone 17 Said to Feature Larger Screen With Long-Awaited Refresh Rate Upgrade
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.