© Reuters Godless Android malware affects Android Lollipop devices |
Last week, security researchers discovered a vulnerability in the Transmission Control Protocol (TCP) used by Linux that allows an attacker to remotely spy on people using unencrypted connections using just an IP address.
The vulnerability affects the Linux Kernel 3.6, which was introduced to Android smartphones during the update to Android version 4.4 KitKat, all the way up to the latest version. Lookout estimates that this equates to approximately 1.4bn devices, or 79.9 percent of the Android ecosystem.
The vulnerability is classified as CVE-2016-5696, which means it is of medium severity. According to Lookout, enterprises running mobility programmes are particularly at risk, and are advised to check if any of their communications services are unencrypted. If so, it could be possible for hijackers to access and manipulate sensitive information including corporate emails, files and documents.
In order to patch the vulnerability, Android devices need to have their Linux kernel updated. However, Lookout claims that the kernel is yet to be patched in the latest developer preview of Android 7.0 Nougat.
There are steps users can take to safeguard themselves in the meantime, the most basic of which is ensuring all the websites and apps you use are encrypted and use HTTPS with TLS. You can also use a VPN as an added layer of protection.
additional detail methods for the more technically-inclined among you, are
detailed here by Lookout.
Source: Lookout
Android 4.4 KitKat or Above is at Risk of Spying Attacks according to Lookout
Reviewed by E.A Olatoye
on
August 17, 2016
Rating:
No comments:
Your comments and recommendations will be appreciated