The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM position also affects some 1.4 billion Android devices, Lookout researchers have warned.
“We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9% of the Android ecosystem,” they noted.
This fact should not be surprising, as the Android mobile OS is based on the Linux kernel.
The bug has already been patched in the latest stable version of the kernel, and according to information received by Dan Goodin, Google is aware of the vulnerability and is working on fixing it, even though they consider the risk of exploitation of the bug to be not that high.
Even though there is no indication that the flaw is being exploited in attacks in the wild, until patches are pushed out to the still supported versions of Android, Lookout researcher Andrew Blaich advises users to encrypt their communications.
“This means ensuring the websites you browse to and the apps you use are employing HTTPS with TLS. You can also use a VPN if you want to add an extra step of precaution,” he noted.
“If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack. CISOs should be aware that this new vulnerability affects their Linux environments, Linux-based server connections (e.g., to popular websites), in addition to Android devices,” he added.
“Enterprises are encouraged to check if any of the traffic to their services (e.g., email) is using unencrypted communications. If so, targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents, or other files.”