80 percent of Android Devices are vulnerable because of a transmission control protocol (TCP) specification and its implementation.
Advertisement
Security firm Lookout said in a blog post on Monday that the flaw affects all phones and tablets that are running Android 4.4 KitKat and later, which comes with the affected Linux kernel 3.6 or newer.
Linux kernel developers patched the flaw in July this year, but Blaich noted that the remedy hasn’t yet been applied to the latest developer preview of Android Nougat, the forthcoming version 7.0 of Google’s mobile operating system.
According to the Lookout security analysts, the Linux vulnerability contains an exploit in TCP, because of which cybercriminals are able to spy on their victims by hijacking unencrypted traffic and breaking down encrypted traffic. “If there’s somewhere they’re going to that they don’t want tracked, always ensure they’re encrypted”. In the event the connections aren’t encrypted, attackers can then inject malicious code or content into the traffic.
One of the more likely ways exploits might target Android users is for them to insert JavaScript into otherwise legitimate Internet traffic that isn’t protected by the HTTPS cryptographic scheme. As of August 1, this was 79.9 percent of all Android users.
To make the attack work, the adversary must first spend about 10 seconds to test whether two specific parties-say a known Android user and USA Today-are connected.
Another month, another large-scale Android vulnerability. The ArsTechnica report adds that Google is already aware of this flaw and its engineers are taking appropriate actions. “If so, targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents or other files”. Android smartphones are also under constant threat from vulnerabilities like Stagefright.
Advertisement
In order to patch this vulnerability Android devices need to have their Linux kernel updated-a process that could take some time.
