Over 1.4 Billion Android Devices are Affected by Internet Traffic Hijacking Linux Flaw

An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications.

Even the latest Android Nougat Preview is considered to be vulnerable.

The security flaw was first appeared in the implementation of the TCP protocol in all Linux systems deployed since 2012 (version 3.6 and above of the Linux OS kernel) and the Linux Foundation has already patched the Linux kernel on July 11, 2016.

However, the vulnerability (CVE-2016-5696) is now affecting a large portion of the Android ecosystem.
According to a blog post published Monday by mobile security firm Lookout, the Linux flaw is present in Android version 4.4 KitKat and all future releases, including the latest developer preview of Android Nougat. 

This means that 80% of all Android devices in use today, which is nearly 1.4 Billion devices, are vulnerable to attacks, enabling hackers to spy on your communications without even compromising your network via man-in-the-middle-attack.

However, the good news is that the Linux vulnerability is complicated and difficult to exploit, but the risk is there especially for targeted attacks.

Windows and Macs are not affected by the vulnerability.

A Google representative said company engineers are are already aware of the vulnerability and are "taking the appropriate actions. As noted in this post, the representative pointed out the flaw resides within vulnerable versions of the Linux kernel and it's not Android specific. The representative went on to say that the Android security team rates the risk "moderate," as opposed to "high" or "critical" for many of the vulnerabilities it patches. Maintainers of the Linux kernel have already patched CVE-2016-5696. It wouldn't be surprising if that fix is incorporated into a new Android release in the next month or so.

What can you do?

In order to patch this vulnerability Android devices need to have their Linux kernel updated.  Fortunately, there are a few remedies a user can do until the patch is released:

• Encrypt your communications to prevent them from being spied on. This means ensuring the websites you browse to and the apps you use are employing HTTPS with TLS. You can also use a VPN if you want to add an extra step of precaution.
• If you have a rooted Android device you can make this attack harder by using the sysctl tool and changing the value for net.ipv4.tcp_challenge_ack_limit to something very large, e.g. net.ipv4.tcp_challenge_ack_limit = 999999999
• We are not aware of PoCs exploiting this new vulnerability and anticipate Google will patch in the next Android monthly patch. In the meantime, we will continue to monitor for exploits.
• If you are more technically inclined, you can check if your device is vulnerable by running from an adb shell the following command: sysctl net.ipv4.tcp_challenge_ack_limit if the number reported is less than 1,000 (1,000 is the new number in the patch) your Android device most likely does not contain the necessary patch.

source: lookout , Arstecnica,