A serious security breach in kernel The Linux system has been discovered and can affect up to 66% of Android smartphones and tablets on the market. See if your device is at risk and what can be done to ensure the security of your data.
Zero-Day: The Failure
The fault is being called a Zero day, or Day Zero, and gives root access to the device, plus the ability to execute arbitrary codes and steal any data stored on the phone. In other words, if anyone exploits this vulnerability, they have full control of their smartphone.
According to the CEO of the Israeli security company that found the flaw, it hits the core of one of Linux's security functions, which allows third parties to use a malware to attack other devices, that is, the user needs to install software for it to be exploited. Also according to Yevgeny Pats, Linux and RedHat have already been warned and have prepared patches to solve the fault.
The flaw is present on all smartphones and tablets running Android 4.4 KitKat or earlier
Zero-Day: How the problem affects Android
Google uses Linux as the base of Android, so it's up to search giant to create its own patch from those prepared by Linux. After this release, manufacturers will have to add this patch For your Android versions, it will still take a long time for this problem to be solved, and knowing the manufacturers, many older smartphones will not receive any correction.
The flaw is present on all smartphones and tablets running Android 4.4 KitKat or earlier, because versions up to 4.2 Jelly Bean do not have SELinux, which makes it difficult to exploit the flaw, and, in the case of KitKat, fault of the lack of WebView update. Who is with Lollipop or Marshmallow need not worry, since these versions use a kernel more modern than Linux, which is not affected by the vulnerability.
|2.3.3 – 2.3.7||Gingerbread||3.0%|
|4.0.3 – 4.0.4||Ice cream sandwich||2.7%|
|4.1.x – 4.2.x||Jelly bean||21.2%|
This flaw once again shows that older Android devices are at great security risk. Although Google and some OEMs follow a monthly security fix plan, the vast majority of Android devices are not contained in this plan. This puts most users at risk because manufacturers and Google have chosen to upgrade only a few models.
Zero-Day: What to do
For now, there is no patch public is available for this failure, but Google should deliver a patch on the next monthly security update for Nexus, but there is no time for manufacturers to do the same. Some steps can be taken to avoid Zero-Day and malware generally:
- Do not install apps outside the Play Store and Amazon Appstore;
- Do not open app ads or browser pages;
- Do not believe messages that say your smartphone is infected or the battery is bad;
- Install one custom ROM already immunized if available for your phone.
Now wait for Google and the manufacturers to comment on this vulnerability and that this time around, the solution won't take as long as it does. Stagefright.