Here’s one for the Android users – a new vulnerability has been found that could affect about 1.4 Billion of total Android users worldwide, amounting to nearly 80% of all Android devices.
The bug was found starting in Linux version 3.6, so it makes sense that so many devices were affected. This Linux bug is able to launch a phishing attack through the operating system; if you use unencrypted wireless, your device could be the next target.
Here’s how it works: attackers are able to target a vulnerability in the Linux operating system that is within a kernel. A kernel is the central part of the operating system (obviously a big deal) and manages the tasks of the computer and hardware, specifically memory and CPU time. But before this Linux bug gets into the nitty gritty of the operating system, an attacker needs to determine whether two parties are linked – an example would be the Android user in question and any major corporation. From there, the Linux bug can successfully inject malicious content if the user has an unencrypted connection. By terminating the unencrypted internet connection, the attacker sends a prompt to log back into the site they were visiting (meaning they would have to understand the user’s browsing habits). The information is keyed into the fake login page provided by the attacker, who in turn receives that data. Initial findings show that it would be extremely time consuming to exploit this vulnerability for a large group of people, instead making it much easier to target a particular person once you know a few minor facts about their online activity.
In a statement provided to Ars, Google advised that they are aware of the issue and are taking “appropriate actions,” but were quick to point out that it is a bug in the Linux kernel, and is not Android specific. They further advised that on their overall risk-tracking this issue rates “moderate.” Bottom line: be aware of the latest threats to your cyber safety, and learn how your organization can benefit from outside experts like Neovera. With 24×7 managed and monitored support for your vital data and infrastructure, rest assured that vulnerabilities like the one described above are taken care of with utmost precision.