Another worrying hole in Android’s security has been brought to light, and apparently this one affects almost 80% of all pieces of hardware running Google’s mobile OS – which amounts to some 1.4 billion devices.
As security firm Lookout notes, this particular vulnerability is in the TCP protocol and affects Linux computers, but it also pertains to versions of Android running the Linux Kernel 3.6 – meaning devices running Android 4.4 (KitKat) and newer.
The flaw allows for a malicious party to spy on unencrypted traffic – i.e. your communications from the device – without having to breach the network to implement a traditional ‘man-in-the-middle’ attack to achieve this surveillance.
While that sounds bad, the truth is that the attack is still far from trivial to execute, and as Lookout observed, in terms of how difficult an exploit it is to pull off, it’s been rated as ‘hard’.
Lookout stated: “While a man-in-the-middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack.”
Targeted attacks
Of course, it’s still very concerning to see yet another vulnerability which affects a massive amount of Android devices, and there’s a definite risk of malicious parties carrying out targeted attacks – something businesses should be particularly aware of (corporate data being highly prized by cybercriminals, naturally).
While a patch for the Linux kernel was concocted last month to combat this exploit, it still isn’t in the latest preview version of Android Nougat.
Hopefully, though, we’ll see the fix being rolled out soon enough, although as ever with Android and all its many different versions, when your device will be patched depends on a number of factors – Google implementing it into the OS being only the first step.
In the meantime, one counter-measure you can take is to ensure your internet traffic is encrypted, so the apps you use and sites you visit should employ HTTPS – or you could go further still and use a VPN (and if that’s something you’re considering, check out our guide to the best VPN services).
Source: techradar.com
Top Brands
Lookout stated: "While a man-in-the-middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack."
That clearly DOES make the attack more difficult, but the real question then becomes…
Is obtaining the "source and destination IP address" easy, or hard? What tools exist to obtain it, using other information that a hacker might identify you or your connection by?
I'd think "easy", since the address itself is not considered confidential, but rather the data you obtain from a given IP address – but I'm completely speculating.
Should be mentioned here if so – or if not. The implication is that it's not. I'm thinking that's a false sense of security, particularly if that IP address obtaining technique might be automated and these scans recorded somewhere for malicious purposes by data collection bots.