Own an Android smartphone or tablet? Then look out for this security flaw

Android phones

Another worrying hole in Android's security has been brought to light, and apparently this one affects almost 80% of all pieces of hardware running Google's mobile OS – which amounts to some 1.4 billion devices.

As security firm Lookout notes, this particular vulnerability is in the TCP protocol and affects Linux computers, but it also pertains to versions of Android running the Linux Kernel 3.6 – meaning devices running Android 4.4 (KitKat) and newer.

The flaw allows for a malicious party to spy on unencrypted traffic – i.e. your communications from the device – without having to breach the network to implement a traditional 'man-in-the-middle' attack to achieve this surveillance.

While that sounds bad, the truth is that the attack is still far from trivial to execute, and as Lookout observed, in terms of how difficult an exploit it is to pull off, it's been rated as 'hard'.

Lookout stated: "While a man-in-the-middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack."

Targeted attacks

Of course, it's still very concerning to see yet another vulnerability which affects a massive amount of Android devices, and there's a definite risk of malicious parties carrying out targeted attacks – something businesses should be particularly aware of (corporate data being highly prized by cybercriminals, naturally).

While a patch for the Linux kernel was concocted last month to combat this exploit, it still isn't in the latest preview version of Android Nougat.

Hopefully, though, we'll see the fix being rolled out soon enough, although as ever with Android and all its many different versions, when your device will be patched depends on a number of factors – Google implementing it into the OS being only the first step.

In the meantime, one counter-measure you can take is to ensure your internet traffic is encrypted, so the apps you use and sites you visit should employ HTTPS – or you could go further still and use a VPN (and if that's something you're considering, check out our guide to the best VPN services).

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

TOPICS