More Than 80% of Android Devices at Risk of Attack

A serious TCP flaw in the Linux kernel leaves these devices susceptible to spying.

More than 80% of Android devices, or approximately 1.4 billion mobile devices, are vulnerable to a Linux exploit that allows bad actors to spy on users by intercepting unencrypted web traffic.

The root cause of this flaw is a serious vulnerability in the TCP specification that “allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection.”

The TCP specification has been strictly implemented in Linux since version 3.6, released in 2016. Google uses version 3.6 of the kernel in Android 4.4 KitKat. As a result, any Android device running version 4.4 KitKat or above is affected by this flaw.

Other operating systems, including iOS, MacOS X, and Windows, have not yet implemented the specification, which leaves those OSs unaffected by the flaw.

The TCP vulnerability was revealed at the 25th USENIX Security Symposium. The researchers said, “Through extensive experiments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%.” The researchers suggested changes to both the TCP specification and its implementation to remove the “root cause” of the problem.

08/17/2016
