Linux bug makes many Android devices vulnerable

The recently discovered flaw in the Linux implementation of rfc 5961 also affects a large number of Android phones, security firm Lookout said. All Android versions with the Linux kernel from version 3.6 are vulnerable, ie devices with Android 4.4 or higher.

Lookout writes that the vulnerability with attribute cve-2016-5696 in the Linux kernel was fixed on July 11, but that a patch is not yet available for the Linux kernel in Android. It is estimated by the security company that this makes 1.4 billion devices vulnerable. While the bug is difficult for attackers to use, an attack can be carried out without requiring a man-in-the-middle position.

One of the Lookout researchers tells Ars Technica that the vulnerability poses a risk to Android users who do not use a secure connection, for example via https or a VPN. For example, an attacker could inject malicious javascript code into the active connection and display a fake login screen to retrieve data. Such an action would take about a minute and would be suitable to be used in a targeted attack. The leak is considered “average” for the Android team, a Google employee told Ars Technica.

The vulnerability in question was presented by researchers from the University of California at the Usenix conference in Austin. The erroneous implementation of rfc 5961 in the Linux kernel allows an attacker to determine whether two parties are communicating through a tcp connection. In the case of an insecure connection, a malicious person can manipulate sent packets. A secure connection can only be broken.