Last week, security researchers presented on the occasion of the USENIX Conference 2016, a flaw in the TCP protocol to detect and modify remote connection between two computers. This vulnerability affects the latest version of TCP, namely RFC 5961. It was implemented in the Linux kernel since version 3.6, but not in Windows or Mac OS X.
The risks are many. This vulnerability allows an attacker to whether two computers are trying to communicate just by knowing their IP addresses. It also helps to stop these connections. And if they are not encrypted, it also allows to inject data, and without privileged access to any network. Just simply it access to the Internet. For example, researchers have shown an attack on the site USAToday.com.
Unfortunately, this flaw is not just about Linux servers, but also a large number of Android smartphones which, remember, are also based on the Linux kernel. The Lookout editor just do the math. He said more than 1.4 billion devices would be vulnerable to this attack, almost 80% of the total fleet. Even the latest Android Developer Nougat is no exception. No need to panic however: this vulnerability – very technical – still quite difficult to exploit. It is better suited for targeted attacks, not a mass piracy.
The good news is that a patch has already been achieved. The question is when will it be released. In the Android ecosystem, it may take some time. Meanwhile, Lookout advises not surf as encrypted HTTPS sites, to prevent phishing attacks.
Note blog Lookout