Days after a major vulnerability spotted in the Linux-based systems, it has now been reported that the same flaw is affecting over 80 percent of the total Android market — around 1.4 billion devices worldwide. Attackers could spy on users remotely through leveraging the security hole.
A report by mobile security company Lookout claims that all Android versions running the Linux kernel 3.6 to the latest are vulnerable to the web traffic attack that exists in the Transmission Control Protocol (TCP) of Linux systems. While a patch for the bug was generated for the Linux kernel in July, the latest developer preview of Android Nougat is even apparently exposed to attackers.
“We found the patch for the Linux kernel was authored on July 11, 2016. However, checking the latest developer preview of Android Nougat, it does not look like the Kernel is patched against this flaw. This is most likely because the patch was not available prior to the most recent Android update,” writes Andrew Blaich, security researcher, Lookout, in a blog post.
Apart from the devices with the public, a large number of Android devices under various enterprise mobility programmes are potentially vulnerable to spying attacks. Enterprises need to encrypt communications within their circles to reduce the risk. Moreover, users are recommended to use apps that are employing HTTPS with TLS connections and leverage VPNs to restrict access on their devices.
You can check the existence of the vulnerability on your Android device by running command “sysctl net.ipv4.tcp_challenge_ack_limit” from an ADB shell. If it reports number less than 1,000, then your device would yet to receive the necessary patch.