Web Analytics

80 percent of Android devices at risk due to Linux TCP bug

A week ago a report showed that many people on the Internet were susceptible to attacks thanks to the Transmission Control Protocol (TCP) flaw which was in Linux. A University of California assistant professor in computer science, Zhiyun Quan said that the Linux flaw did not even need a genius for it to be exploited. He said that anyone could exploit the flaw and make use of it. The research team responsible for the paper presented their findings to the USENIX Security Symposium.

80 percent of Android devices at risk due to Linux TCP bugHowever a new research conducted by security researchers over at Lookout security firm have notes that eight out of 10 Android based devices are also at risk of the flaw. The researchers say that there are probably many Android bigs out on the market but this one did not need an advanced degree in technology for it to be exploited. Andrew Blaich, a researcher with Lookout said that the flaw was within reach and the threat of attack was also practical.

Lookout noted that the flaw which intercepted the internet traffic was also responsible pf causing problems with at least 80 percent of Android based devices. This roughly translates to 1.4 billion devices in use at the moment. The security company also added that the flaw could be used to unencrypt traffic or could be used to degrade the encryption connections.

Man in the middle attacks are not necessarily needed in such scenarios but the destination IP address and the source are needed to successfully execute attacks. This means that all Android versions which run the Linux Kernel 3.6, (which means that the Android 4.4 KitKat. This means approximately 79.9 percent of the Android devices are affected.

Apparently the flaw has been available since 2012 and since the Linux version 3.6 of the Linux kernel. Lookout noted that they had not seen a patch on the kernel in their latest preview of the Android Nougat. As of now, Lookout said that they were not aware of any proof of concept attacks that could be used to exploit the flaw. The company also noted that they expected Android to fix the problem in their next monthly update.

A Google spokesperson contacted noted that the problem was not with the Android system itself but rather with the Linux kernel. However, engineers were still taking action on the problem.

Apparently, CISOs were notified about the problem of running enterprise mobility program that a number of Android were still susceptible to attacks of serious espionage. Lookout said that they would encourage enterprises to continually check if any of their connections were making use of encrypted communications. If so, then the attacks aimed at the enterprises would be able to get and manipulate the unprotected sensitive information.