Linux traffic hijack flaw also affects most Android phones, tablets

About 80 percent of all Android devices are affected, but "exploitability is hard."
Written by Zack Whittaker, Contributor

(Image: CNET/CBS Interactive)

As many as 80 percent of Android devices are vulnerable to a recently disclosed Linux kernel vulnerability.

Security firm Lookout said in a blog post on Monday that the flaw affects all phones and tablets that are running Android 4.4 KitKat and later, which comes with the affected Linux kernel 3.6 or newer.

According to recent statistics, the number of devices affected might run past 1.4 billion phones and tablets -- including devices running the Android Nougat developer preview.

Windows and Macs are not affected by the vulnerability.

The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack.

That might not be so difficult for well-resourced attackers, who are in a privileged position on the network, such as nation states.

Even if the connection is encrypted, an attacker could still determine and terminate a connection -- even if they cannot read web traffic. This kind of attack could be used to degrade a privacy and anonymity service, like Tor.

A patch for Linux was issued on July 11, but was not available in time for the latest Android monthly patching schedule.

It's likely that the vulnerability will be patched in the upcoming September set of patches, which will among other things also fix the highly publicized Quadrooter flaw.

Editorial standards