Warning: getimagesize(http://www.nitec.com/cmsfiles/images/android-resized.jpg): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /var/www/nitec.com/site/_/lib/tc/Functions.php on line 116
Android vulnerability affects nearly 1.4 billion devices - Nitec Solutions Ltd

26/08/2016

Android vulnerability affects nearly 1.4 billion devices

It appears that the flaw made an appearance in 2012, with the introduction of version 3.6 of the Linux operating systems kernel. It has been reported that the flaw still exists within Android 4.4 (KitKat) and will be present in future versions of Android, including the latest – Nougat.

A researcher from Lookout stated that “The vulnerability allows an attacker to remotely spy on people who are using unencrypted traffic or degrade encrypted connections. While a man in the middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack.”

One of the more likely ways cyber criminals might target Android users is to insert JavaScript into otherwise legitimate internet traffic that isn’t protected by the HTTPS. The JavaScript could display a message that the user has been logged out of her account and advise to re–enter their username and password. The login credentials would then be sent to the attacker.

According to Lookout, in a recent blog post, in order to patch this vulnerability Android devices need to have their Linux kernel updated. Until the patch is released, there are some steps you can take to protect your device, such as ensuring the websites you browse and the apps you use are employing HTTPS with TLS. You can also use a VPN if you want to add an extra step of precaution.

If you would like any further advice in relation to this matter, please feel free to get in touch and we will assist you however we can.

  • Connectwise
  • Microsoft Partner Gold x 6
  • HP Enterprise
  • HP Preferred Partner, Gold
  • Aruba
  • Mimecast
  • Watchguard
  • Citrix
  • BT
  • Webroot
  • Arcserve
  • APC
  • Plantronics