Bad news for Android phone owners and enthusiasts, according to recent reports.
A flaw in the OS’ Linux kernel has the potential to be the backdoor through which cyberattackers could gain easy access to the phones of millions of Americans, not to mention Linux computers and servers running nationwide.
The flaw was found by Perception Point, and the cybersecurity firm indexed it as CVE-2016-0728. Not a new mistake — the bug has reportedly been around for almost three years, since Linux kernel version 3.8 was released in 2013. The company recently developed a proof-of-concept exploit and reported the flaw to developers who maintain the kernel.
The exploit of said flaw involves an attacker using local access to servers to gain total root access. On a phone running Android 4.4 (KitKat) or later, an attacker could implant malware that could then be used to take over most of the phone’s functions.
“This vulnerability has implications for approximately tens of millions of Linux PCs and servers and 66 percent of all Android devices,” Perception Point noted.
There are currently 1.4 billion Android-powered phones and tablets on Earth, so the exploit could have some pretty big scale.
Could have but, so far, has not had. According to Perception Point, no cases of an actual attacker leveraging this flaw have been found in the wild, so to speak, which is good.
But until a patch or Linux update is issued, the possibility will remain.