Vulnerability allowing communications to be intercepted found to affect 1.4 billion Android devices


By Family O'Abé

"HTTPS" encrypts communication data using SSL (TLS) to make communication over HTTP safer, but its adoption is still hard to call widespread. Under such circumstances, it has come to light that 80% of Android devices have a vulnerability that allows unencrypted communications to be easily intercepted over the Internet from anywhere.

Linux flaw that allow anyone to hijack Internet traffic also affects 80% of Android devices | Lookout Blog
https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/


It was revealed that a critical vulnerability, "CVE-2016-5696", exists in the Linux kernel's TCP implementation. This vulnerability exists in operating systems using Linux kernel 3.6 or higher, which is said to mean devices running Android 4.4 KitKat or later, that is, 80% of Android devices. In addition, according to Statista, which publishes statistical data on various industries, 1.8 billion Android devices were installed as of 2015; considering this number, 1.4 billion Android devices worldwide are affected by the newly disclosed vulnerability.

Exploiting the vulnerability in the Linux kernel makes it possible to intercept 'unencrypted Internet traffic' from anywhere. The problem is that intercepting communications previously required putting the network at risk by a method such as a man-in-the-middle attack, but with this vulnerability that is apparently no longer necessary. An attacker can remotely intercept the contents of a particular person's unencrypted communications, and can decrypt the encrypted connection of a specific device. While no man-in-the-middle attack is needed, the attacker does need to know the source and destination IP addresses.

By Freestocks.org

Lookout, which provides security applications and other security solutions for mobile devices, also says, "If your Android device is running enterprise applications, it will be more vulnerable to spy attacks." Some companies run Linux-based services such as mail on their own servers, and in such cases there is a risk that communications will be intercepted by an attacker exploiting the vulnerability. If that happens, the attacker may be able to see the contents of emails, text files, and other data important to the company.

A patch for the Linux kernel was released on July 11, 2016, but a patch for the same vulnerability has not been distributed for Android OS. As an easy precaution for users, Lookout recommends using secure communications via HTTPS or a VPN when browsing websites.

in Mobile, Security, Posted by logu_ii