A previously identified Linux flaw that allows anyone to hijack internet traffic turns out to also affect 80% of Android devices—or about 1.4 billion devices.
“If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack,” Andrew Blaich, a security researcher from Lookout.
According to Lookout, the original flaw, which was reported this spring, involves a critical exploit in TCP that lets hackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims, allowing attackers to execute this spying without traditional man-in-the-middle attacks.
“We found the patch for the Linux kernel was authored on July 11, 2016. However, checking the latest developer preview of Android Nougat, it does not look like the Kernel is patched against this flaw,” Blaich explained. “This is most likely because the patch was not available prior to the most recent Android update.”
While a MitM attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack. But, the risk is still there for targeted attacks.
“CISOs should be aware that this new vulnerability affects their Linux environments, Linux-based server connections (e.g., to popular websites), in addition to Android devices,” Blaich said. “Enterprises are encouraged to check if any of the traffic to their services (e.g., email) is using unencrypted communications. If so, targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents or other files.”
In order to patch this vulnerability Android devices need to have their Linux kernel updated—a process that could take some time. In the meantime, users can protect themselves by encrypting their communications, Blaich noted.
Photo © tanuha 2001/Shutterstock.com