Linux TCP Flaw Leaves 80% Android Phones Open To Spying


android linux tcp flawShort Bytes: Last week, we reported about the serious TCP flaw in Linux kernel that can hijack Linux devices in 60 seconds. Now, according to a report by security firm Lookout, the same flaw also affects around 1.4 billion Android devices. It’s expected that Google will release a fix for the same in the upcoming Android release. For the time being, Android users are advised to use encrypted apps and VPN.

About 80 percent of Android smartphones are affected by a recently discovered vulnerability that allows a hacker to remotely hijack internet traffic, terminate your connections, and inject malware, the security firm Lookout said. This vulnerability is classified as CVE-2016-5696.

This flaw first appeared in all Linux kernel versions between 3.6 and 4.7. If left unnoticed, this flaw facilitates a range of blind off-path TCP attacks with a success rate of 90%. The first vulnerable Linux kernel version was also used to create the Android KitKat.

“If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack,” said Andrew Blaich, a security researcher from Lookout.

The security firm found that a patch for the Linux kernel was pushed by the Linux Foundation on July 11, 2016. However, when the latest developer preview of Android Nougat was checked, the kernel wasn’t patched against this flaw. It makes perfect sense if we assume that the patch was not available to the older versions.

Well, carrying out this attack is not easy as the source and the destination IP addresses are required. But, this might not be a problem for the attackers who have a privileged access to the network, like ISPs and governments.

VPN and encryption can protect Android users

The Lookout team recommends the use of encrypted apps, HTTPS, and VPN to defeat this flaw. If you are a technical user, the Lookout team has something more for you:

“If you have a rooted Android device you can make this attack harder by using the sysctl tool and changing the value for net.ipv4.tcp_challenge_ack_limit to something very large, e.g. net.ipv4.tcp_challenge_ack_limit = 999999999.”

A Google representative has told Ars that they are already aware of the vulnerability and taking required actions. Google has also termed the flaw ‘moderate’, as opposed to ‘high’ or ‘critical’.

We can expect to see a fix being pushed with the new Android release, which will also fix the dangerous QuadRooter flaw.

Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.

Also Read: Battery-Powered Google Glass Returning With A Touchpad

Aditya Tiwari

Aditya Tiwari

Aditya likes to cover topics related to Microsoft, Windows 10, Apple Watch, and interesting gadgets. But when he is not working, you can find him binge-watching random videos on YouTube (after he has wasted an hour on Netflix trying to find a good show). Reach out at [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job