Skip to main content

Don’t panic, but a bug in Linux is leaving 80% of all Android users open to hacks

google android choice at every turn nougat
Image used with permission by copyright holder
Another month, another large-scale Android vulnerability. A massive 80 percent of Android users have been left open to hacks that could result in hackers being able to gather information such as usernames and passwords.

The recently discovered vulnerability basically allows hackers to end connections, and if those connections aren’t encrypted, they can inject malicious code into communications between the two users, according to security firm Lookout.

According to Ars Technica, the flaw was originally found in Linux 3.6, which was introduced way back in 2012. That version of Linux was introduced into Android 4.4 KitKat, and is present in all versions of Android after KitKat, including Android Nougat, the latest version of Android. That means that a hefty 80 percent of users, or around 1.4 billion users, are open to the hack. As Ars Technica notes, a way that hackers could take advantage of the flaw is to insert code into internet traffic that displays a message saying that you have been logged out of an account and prompting you to log in again. Once you’ve inputted your username and password, the hackers can use that information for themselves.

“The issue should be concerning to Android users as attackers are able to execute this spying without traditional ‘man-in-the-middle’ attacks through which they must compromise the network in order to intercept the traffic,” said Andrew Blaich in a blog post for Lookout.

It’s important to note that the flaw goes beyond Android — it was introduced in the Linux kernel, which means that any software based on Linux could be open to it.

According to Google, engineers are aware of the flaw and are working on a way to patch it — so while it does appear in the latest version of Android, Android 7.0 Nougat, it’s likely we’ll see a patched version of the operating system once it’s finally released to the public.

Editors' Recommendations

Christian de Looper
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
On Pixel 4 battery, Google’s various teams don’t see pixel-to-pixel
Pixel 4 XL iPhone 11 Pro Samsung Galaxy Note 10 Plus

Despite all its machine learning prowess, Google doesn't learn.

Look at my Google Pixel phone reviews, from the original in 2016 and the Pixel 2 in 2017 to the Pixel 3 XL and the latest Pixel 4 XL: You'll notice the constant pain point in every review has been battery life. How is this a hard problem to solve?

Read more
Don’t expect to see a 5G Pixel 4 and the Pixel Watch at Made by Google today
Pixel 3

Update: Google did not announce the Pixel Watch at it's October Pixel event. Which leaves us asking, where is it?

Made by Google 2019 is just around the corner, and there's no shortage of new tech to get excited about. However, right at zero hour, it seems there are two pieces of new hardware we won't be seeing -- a 5G-enabled Pixel 4, and the extremely long-awaited Pixel Watch.

Read more
The Pixel 4’s coolest new feature means you don’t have to touch it
5 features i want to see in the google pixel 4

When Apple introduced Face ID on the iPhone X in 2017, many other companies were quick to launch their own version of the facial-recognition technology. Now, however, it looks like Google will include not only facial recognition on the Pixel 4, but will take it a step further by including gesture-based controls, essentially meaning that you can use the phone without even touching it.

Google showed off the tech in a new video posted to Twitter, and in a blog post in which a user can be seen unlocking the phone, then waving her hand to skip through songs on a playlist. This kind of tech could come in handy when your hands are dirty and you don't want to touch your phone.

Read more