Researchers from the security firm Lookout have discovered another Android vulnerability that may affect 80% of Android devices. The flaw would allow hackers to terminate connections, or if those connections aren’t encrypted, they could inject malware into the victim’s communications.
The vulnerability originated in version 3.6 of the Linux OS kernel back in 2012 and was included in Android’s KitKat (version 4.4). Unfortunately, it’s also been included in every version of Android since then, including the developer preview of Nougat. This means that there are somewhere in the ballpark of 1.4 billion devices affected.
Essentially, the flaw allows hackers to see if two people are communicating using a transport control protocol connection like the ones used for email and direct messaging. If the connection is encrypted, it can be terminated. If the connection isn’t encrypted then a hacker could insert malicious code into it.
The most obvious way for this flaw to be taken advantage of is to insert JavaScript into a connection that displays a message saying the victim has been logged out to whatever service they’re using and that they need to log back in. Doing so would send that information back to the hacker responsible, giving them access to the account.
Google is aware of the issue and pointed out that the vulnerability originated in Linux and not within Android itself. The good news is that the flaw has already been patched in Linux, so it’s likely it’s just a matter of time before the same is done for Android.