Linux bug infecting Android users

2016August25_AndroidPhone_ABugs have come a long way, and they’re not just creepy-crawlies anymore. So we have to worry not only about the bugs that we contract and make us physically ill, but also the bugs that threaten the security of our beloved smartphones. Most people overlook bugs since they’re so tiny, but what they lack in size they make up for in their capacity to wreak havoc on innocent devices. What are the consequences of failing to address these security matters? Read on and find out.

Recently, researchers from the mobile security firm Lookout confirmed that “an estimated 80 percent of Android phones contain a recently discovered vulnerability that allows attackers to terminate connections and, if the connections aren’t encrypted, inject malicious code or content into the parties’ communications.” The statement itself might be new, but many have already suspected a flaw in version 3.6 of Linux, dating as far back as 2012. It’s thought that the flaw itself was introduced into Android version 4.4 (aka KitKat) and is still present today, including in the latest developer preview, Android Nougat.

As numerically backed up by the Android install base and quoted by statistic provider Statista, over 1.4 billion Android devices (about 80 percent of users) are currently vulnerable. What Android users can do is to ensure that their communications are encrypted by using VPNs (virtual private networks) or by making sure that whatever sites they visit are encrypted. Encryption allows you to travel without being tracked; if the predator can’t see you, you’re no longer a target.

If you’re vulnerable, you welcome anyone with an Internet connection to determine whether or not two parties have been communicating via a long-lived transport protocol connection. This includes Webmail, news feeds as well as direct messages. Unencrypted connections allow attackers to utilize malicious code or inject content into the traffic. This doesn’t mean that encrypted connections are safe; attackers are still be able to determine and terminate the existence of channels as well. This vulnerability has been dubbed as CVE-2016-5696.

One of the more likely methods used to compromise Android users is the the insertion of JavaScript into legitimate Internet traffic that isn’t HTTPS cryptographic scheme-protected. This may display messages claiming that users have been logged out of their accounts and prompting them to re-enter their usernames and passwords. Having sent the login credentials to the attacker, similar exploits may also be used to target unpatched browsers, emails or chat apps the Android users use.

To initiate the attack, the attacker must spend about 10 seconds to establish whether two specific parties are connected, then another 45 seconds to flood their traffic with malicious content. Because it takes a certain amount of time for the attack to fully commence, these attacks aren’t suited for opportunistic attacks that affect more than one individual. Instead, this technique is ideal for the infection or surveillance of one specific target, especially if the hacker knows some of the sites the target frequently visits.

We can breathe a sigh of relief with a Google representative’s statement that company engineers are aware of the situation and are “taking appropriate actions.” He also noted that among the various vulnerabilities on Google’s patches, the Android security team has officially rated the risk as “moderate” as opposed to “high” or “critical.” Maintainers of the Linux kernel have successfully patched CVE-2016-5696. They are working toward incorporating a fix into a new Android release in the coming months.

Matters of security should never be taken lightly, especially when it comes to your personal device. For more information on this sensitive and intricate matter, please feel free to contact us anytime. We are more than happy to answer your questions. The more you know, the better.

Published with permission from TechAdvisory.org. Source.