The TCP/IP networking flaw allows attackers to spot communications between two entities and can be exploited to hijack the traffic and manipulate it if the exchange is not encrypted.
The attack is not considerable a man-in-the-middle attack, the attackers just need to send spoofed packets to both sides of the connection by simply knowing their IP addresses and destination ports.
According to the experts at Lookout security, the Linux vulnerability affects 80% of Android devices, it appears to have been introduced into Android version 4.4 (also called KitKat) and it is still present in the current versions.
“Lookout recently discovered a serious exploit in TCP reported this week also impacts nearly 80% of Android, or around 1.4 billion devices, based on an install base reported by Statista. The vulnerability lets attackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims.” reported Lookout security in a blog post.
The Linux vulnerability could be exploited by attackers to hijack traffic, inject malware into downloads and web pages, and run a wide range of attacks.
A patch for the Linux kernel was available since July 11, 2016, but checking the latest developer preview of Android Nougat, the Google OS is still affected by the flaw.
A Google spokesman confirmed that it is already working on the issue by “taking the appropriate actions.” The Google representative highlighted that the Android security team only rates the risk “moderate.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.