A recently discovered Linux exploit is putting the security of up to 80% Android smartphones at stake, says a blog report by Lookout, a mobile security firm. It says that this exploit is capable of allowing attackers to intercept unencrypted web traffic and spy on users.
According to the security researchers, Linux is using its vulnerability in the Transmission Control Protocol (TCP) which helps attackers to remotely spy on android users with the help of their IP addresses.“We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9% of the Android ecosystem,”the blog report said.
The report further states that the vulnerability is of medium severity and enterprises running mobility programmes are particularly at risk.These enterprises are advised to check if any of their communications services are unencrypted as unencrypted data can allow the attackers to access and manipulate sensitive information including corporate emails, files and documents.
In order to patch this vulnerability Android devices need to have their Linux kernel updated. Fortunately, there are a few remedies a user can do until the patch is released: