80% of Android Devices Are Open To Spying Due To This Linux TCP Flaw
It has just been recently discovered that about 80% of Android smartphones are affected by a vulnerability which hackers can exploit to remotely hijack internet traffic, terminate connections, and inject malware according to the security firm Lookout. The vulnerability has been classified as CVE-2016-5696.
The flaw was first discovered in all Linux kernel versions between 3.6 and 4.7 and when left unnoticed can facilitate a range of blind off-path TCP attacks which have an astonishing success rate of 90%. It is this first vulnerable Linux kernel version that was used to create Android KitKat.
Andrew Blaich, a security researcher from Lookout said:
If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack
The security firm discovered that although the Linux Foundation pushed a patch for the Linux kernel on July 11, 2016, the kernel wasn’t patched against this particular flaw when the latest developer preview of Android Nougat was checked. And although carrying out such an attack is not easy as ABC because the source and the destination IP addresses are requirements, it might not be a problem for attackers like ISPs and governments who have a privileged access to the network.
VPN and encryption can protect Android users
The Lookout team recommends that users make use of encrypted apps, HTTPS, and VPN in order to defeat this flaw, and for technical users, they advise that:
If you have a rooted Android device you can make this attack harder by using the sysctl tool and changing the value forto something very large, e.g. = 999999999.
Google termed the flaw ‘moderate’, and a representative of theirs told Ars that they are aware of the vulnerability and that they are taking required actions.