Linux Flaw Exposes 1.4 Billion Android Devices to Spying

Featured eBooks
Customer Experience
Read Now

Identity in Government

Read Now

Health Tech

Read Now
Insights & Reports
Know Your Business: Protecting Service Organizations from Non-Compliance Risks and Financial Threats
Presented By Melissa Data
Download Now
Executive Guide - Connectivity Cloud, Explained
Presented By Cloudflare
Download Now

By

A huge number of Android users are vulnerable to a flaw that allows attackers to intercept communications and—if unencrypted—inject malicious code or content, according to a mobile security company.

“We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9 percent of the Android ecosystem,” says a Lookout blog post.

The recently discovered Linux flaw lets hackers anywhere online to detect when two parties are communicating over a transmission control protocol connection, such as web mail, news feeds or direct messages. At the Usenix Security Symposium, researchers demonstrated how they could shut down connections and, in the case of a legit but unencrypted USA Today web page, insert JavaScript to collect usernames and passwords.

“Targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents or other files,” says the Lookout blog post.

A Google representative told Ars Technica the company was taking appropriate actions and the Android security team rates the risk as “moderate.”

Until a patch is issued, the Lookout blog suggests encrypting traffic, using HTTPS with transport layer security and using a virtual private network.

Original Report:
blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/

NEXT STORY: Hacks targeting Democrats put a spotlight on cyber in Congress