The Linux Kernel Flaw That Puts Android Devices at Risk

Jan 21, 2016

Just a couple of days ago, Perception Point, an Israeli cybersecurity firm, discovered a zero-day security vulnerability in the Linux kernel, which powers countless servers, desktop PCs and, most importantly, Android-powered mobile devices. A hacker exploiting this vulnerability could gain root-level privileges on a device and either gain unauthorized access to data or execute code of their choosing.

More about the Linux Kernel Flaw

According to experts, the flaw lies in the core Linux kernel, which is much the same on servers, PCs and Android devices. This flaw, which has been assigned the identifier CVE-2016-0728, is believed to have impacted over 60 percent of all Android-powered devices. Incidentally, this flaw first made an appearance as early as 2012 in Linux version 3.8 and still exists on both 32-bit and 64-bit Linux-based systems.

The disturbing thing here is that the vulnerability has been in existence for nearly 3 years and has potentially permitted hackers to gain unauthorized control over Linux-run servers, PCs, Android and other embedded devices. It arises from the kernel’s keyring facility and allows apps running as a local user to execute code in the kernel. This means that the vulnerability could put users’ sensitive information, including authentication and encryption keys, at risk of exposure.

How It Could Pose a Threat to Android

What could make this vulnerability a major concern is that it affects all architectures, including ARM. This implies that all Android devices running Android 4.4 KitKat and later stand to be impacted by it.

Currently, this accounts for almost 70 percent of all Android devices.

The Android OS is already known for its high degree of fragmentation and update delays. Google shares security patches with device manufacturers, who then apply them separately. The company distributes other updates in association with the mobile carriers concerned. To further complicate matters, most of these devices receive software support for only 18 months, after which they do not receive any more updates or patches. This implies that many device users, especially those who use older Android devices, may never receive the latest updates and bug fixes.

This incident would seem to indicate to users that older Android versions are no longer safe to use and that they should constantly upgrade their devices in order to get the latest security features and other functionality. That too would be an impractical solution to the problem – not everyone would be willing to change their smartphone or tablet every couple of years.

So far, the mobile industry has been exposed to types of mobile malware that have been somewhat unsophisticated. To date, no hack attack has posed a real, serious threat to users.

However, the fact remains that Android is a soft target for malware and it could be just a matter of time before someone launches a massive attack on its existing vulnerabilities.

What Linux and Google Plan to Do

Fortunately, though the vulnerability exists, no hack attack has been spotted yet. However, security experts will now be digging deeper to find out whether this flaw was exploited sometime in the recent past. Linux and Red Hat security teams are already working to issue related patches – they should be available by the end of this week. However, there are bound to be some systems that remain vulnerable, at least for some time.

Google could not give an immediate and definitive answer as to when the flaw would be patched within the Android code base. Because this ecosystem is open source, it would be up to device manufacturers and developers to add the patch and distribute it to their customers. In the meantime, Google, as always, would continue issuing monthly updates and bug fixes for its Nexus line of Android devices. The giant plans to support each of its models for at least 2 years after the date of initial sale in its online store.
