After Linux, TCP Exploit Expandable to 80% of Android Devices

A couple of days ago researchers exposed a Linux flaw allowing hackers to hijack Internet traffic — Now it’s been discovered that the flaw also affects 80% of Android devices!

The university of California, Riverside researchers along with the US Army Research Lab has recently announced the presence of a TCP vulnerability in Linux based devices.

This is old news, yeah we know it, but this isn’t the news that we are going to share with you. What we need to tell you is that this vulnerability can be used to target Android systems as well. What is particularly alarming is the fact that this flaw makes over 1.4 billion Android devices vulnerable to exploitation.

Must Read: Critical Security Flaws in Android Devices Affecting Millions of Users

According to Lookout, a grave exploit that is found in the TCP of Linux systems is equally effective on roughly 80% of all Android devices. Attackers can easily get unencrypted data traffic and also spy upon victims by degrading encrypted traffic.

Android users have every reason to feel concerned because it is also possible that attackers launch a man-in-the-middle attack apart from spying on them. This would lead to compromising of their entire network because attackers would look for intercepting the traffic.

What actually happens is that attacker can spy on people remotely and users who utilize unencrypted traffic or have disabled encrypted connections would be the likely targets. When the attacker gets information about a source and destination IP address, it will become possible to launch a man-in-the-middle attack. It has also been revealed that those android systems that run the Linux Kernel 3.6, which is like Android 4.4 KitKat, are most vulnerable currently. Needless to mention, this system accounts for around 79.9% of the entire Android fraternity.

Analysts have assigned medium severity to this new threat by labeling it as CVE-2016-5696. We have already seen the patch for Linux Kernel but the preview of Android Nougat doesn’t hint upon incorporation of a patched kernel. This means, those running an enterprise mobility program would make quite a few numbers of Android devices vulnerable to spying feats from attackers.

To patch this flaw, it is important to update the Linux kernel used for Android. Until the patch is released for Android, what you can do to help yourself is to use encrypted communication platforms. Ensure that the websites and platforms that you browse are using HTTPS with TLS. If possible, use a VPN to be on the safe side.

Must Read: Beware; Adwind RAT infecting Windows, OS X, Linux, Android Devices

Solution as per Lookout researchers: 

Encrypt your communications to prevent them from being spied on. This means ensuring the websites you browse to and the apps you use are employing HTTPS with TLS. You can also use a VPN if you want to add an extra step of precaution.
If you have a rooted Android device you can make this attack harder by using the sysctl tool and changing the value for net.ipv4.tcp_challenge_ack_limit to something very large, e.g. net.ipv4.tcp_challenge_ack_limit = 999999999
Related Posts