A vulnerability has been detected in the heart of Android, ie in the core (or kernel) of the mobile operating system. The flaw was introduced by security researchers during the USENIX Conference 2016. It affects Linux, and by extension Android. The risk is described as medium.
This is poor management of TCP connections that allows hackers to inject data in unencrypted connections. What make an attack. The flaw affects the latest version of TCP, called RFC 5961, implemented in the Linux kernel since version 3.6. Note that this flaw of TCP neither Windows key, or Mac OS X.
Side usage, the flaw allows whether two computers communicate (provided that the attacker knows the IP addresses of machines) , or to interrupt connections. If communications are not encrypted, the flaw allows to inject data.
1.4 billion terminal would be vulnerable
smartphones running Android are also victims of this flaw. The Lookout publisher estimates that more than 1.4 billion devices would be vulnerable to an attack like this, slightly less than 80% of devices running Android Park
If even the last Android developer version of Google Nougat is affected, this vulnerability of the confession specialists, is not easy to exploit. Above all, a patch was manufactured and should be released soon. Meanwhile, Lookout does not recommend surfing with your Android mobile device on sites that are not encrypted HTTPS.
To go further on the subject
No comments:
Post a Comment