Looks like Android phone owners have a new bug to worry about.
According to reports this morning in The Next Web, a bug first discovered in version 3.6 of the Linus OS kernel (released about 4 years ago) makes it easy for hackers to cut off the phone from servers and apps. The reports further indicate that a particularly clever or enterprising hacker could use the exploit to spy on any unencrypted data traffic into and out of the phone, or use it to insert malware into the phone owner’s data.
First discovered by security firm Lookout, the find is a cause for concern because the flaw exists in any Android phone running the KitKat 4.4 OS or a later edition. That means about 80 percent of all Android devices – or 1.4 billion smartphones – could be affected by attacks.
The good news? The flaw is hard to use – it would take a full minute to attack any individual user, meaning most hackers will leave this method by the wayside in favor of something more efficient if they are targeting large groups.
If, however, the goal is to take on an individual, the bad news is that this attack is perfect for it.
According to Google, company engineers are aware of the flaw and currently are working to take “appropriate action.” What exactly that vague description means is up in the air – but since vulnerability CVE-2016-5696 (the original flaw in Linux that makes the attack possible) has already been patched in the Linux kernel, it’s likely that a fix for Android will arrive soon and be similarly constituted.