A Linux flaw first detected this spring not only gives anyone the ability to hijack internet traffic but also affects 80% of Android devices, or about 1.4 billion devices.
Andrew Blaich, a security researcher from Lookout, stated:
“If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack.”
According to Lookout's security analysts, the Linux vulnerability is a TCP flaw that lets cybercriminals spy on their victims by hijacking unencrypted traffic and breaking down encrypted traffic. Because of this flaw, attackers do not need a man-in-the-middle (MitM) attack for the spying to succeed.
“We found the patch for the Linux kernel was authored on July 11, 2016. However, checking the latest developer preview of Android Nougat, it does not look like the Kernel is patched against this flaw.” – Blaich explained – “This is most likely because the patch was not available prior to the most recent Android update.”
Even though a MitM attack is not necessary, attackers still can't carry out the spying without knowing the source and destination IP addresses.
“CISOs should be aware that this new vulnerability affects their Linux environments, Linux-based server connections (e.g., to popular websites), in addition to Android devices.” – Blaich added – “Enterprises are encouraged to check if any of the traffic to their services (e.g., email) is using unencrypted communications. If so, targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents or other files.”
Patching this dangerous flaw requires the Linux kernel on every Android device to be brought up to date, a process that could be very time-consuming. Meanwhile, Blaich recommends that all users encrypt their communications for better protection.