Own an Android smartphone or tablet? Then look out for this security flaw


Another worrying hole in Android's security has been brought to light, and apparently this one affects almost 80% of all pieces of hardware running Google's mobile OS – which amounts to some 1.4 billion devices.

As security firm Lookout notes, this particular vulnerability is in the TCP protocol and affects Linux computers, but it also pertains to versions of Android running the Linux Kernel 3.6 – meaning devices running Android 4.4 (KitKat) and newer.

The flaw allows for a malicious party to spy on unencrypted traffic – i.e. your communications from the device – without having to breach the network to implement a traditional 'man-in-the-middle' attack to achieve this surveillance.

While that sounds bad, the truth is that the attack is still far from trivial to execute: as Lookout observed, the difficulty of pulling off the exploit has been rated as 'hard'.

Lookout stated: "While a man-in-the-middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack."

Targeted attacks

Of course, it's still very concerning to see yet another vulnerability that affects a massive number of Android devices, and there's a definite risk of malicious parties carrying out targeted attacks – something businesses should be particularly aware of (corporate data being highly prized by cybercriminals, naturally).

While a patch for the Linux kernel was concocted last month to combat this exploit, it still isn't in the latest preview version of Android Nougat.

Hopefully, though, we'll see the fix being rolled out soon enough, although as ever with Android and all its many different versions, when your device will be patched depends on a number of factors – Google implementing it into the OS being only the first step.

In the meantime, one counter-measure you can take is to ensure your internet traffic is encrypted, so the apps you use and sites you visit should employ HTTPS – or you could go further still and use a VPN (and if that's something you're considering, check out our guide to the best VPN services).


Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
