Jan 20, 2016 01:40 AM EST
Just when we thought that restricting root access was enough to keep security vulnerabilities at bay, a report of a vulnerability in the Linux kernel, one that gives hackers possible access to the kernel’s root account, made the rounds of the tech blogs. The news of this vulnerability is important to Android users because remember, Android is based on Linux.
The system loophole, or bug, was discovered by security firm Perception Point and has been dubbed as the “CVE-2016-0728,” a zero-day vulnerability. The vulnerability is called a “Zero-Day Vulnerability,” meaning a flaw that is unknown to the vendor. As of the moment, the report of the said flaw has gone viral, and yes, Linux OEMs are working round the clock to create patches for the said flaw.
According to Perception Point, this bug may affect 66 percent of Android devices. That is a vast majority of the market, and if the bug is exploited, this could mean millions of devices exposed to possible malware or even hacking.
Tech pundits are rather concerned about how the flaw could be patched on the Android, however. Given that the diversity of the Android OSes being used across the market, plus the issue of Android forking, the mere thought of rolling out a patch that could be applicable across the board is already a nightmare. However, Richard Chirgwin, writing for Security in The Register UK, points out a rather interesting concept.
According to Chirgwin, it would take around 4,294,967,296 “system calls” on a PC in order for that particular loophole to be exploited. To the layperson, this means that if a persistent hacker wanted to get at the root, it would take that amount of data cycles in order for them to get into Root, and do whatever they want to the system. On an Intel Core i7-powered PC, this amount of data took them 30 minutes to get through. So as Chirgwin analyzed, it may take an ARM-powered phone more time and more processing power to get to a point where the exploit/bug would be usable to a very persistent hacker.
Is it right for Chirgwin to downplay the flaw? Or is it right for the rest of the blogosphere to panic? In any case, the rest of the Android-using universe will have to wait for the experts to say with full finality, whether to be as concerned about this flaw as we had been with Stagefright.
The original Perception Point report: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
The report by Richard Chirgwin: http://www.theregister.co.uk/2016/01/19/linux_kernel_keyrings_get_privilege_escalation_patch/
With notes from Ars Technica: http://arstechnica.com/security/2016/01/linux-bug-imperils-tens-of-millions-of-pcs-servers-and-android-phones/
The definition of a “Zero-Day Vulnerability”: http://www.pctools.com/security-news/zero-day-vulnerability/
2. 05:10 PM
Gionee F109L Leaked On TENAA With Android 7.0 Nougat, 5.0-inch HD display, 2,660mAh Battery
3. 12:30 PM
Asus X00KD Spotted On TENAA With Dual Rear Camera, Android 7.0 Nougat, 4,020mAh Battery
4. 12:30 PM
Samsung Galaxy J3 Pro Plus Launched In China With Few Design Changes
1. May 26, 2017
DJI Releases GO 4 iOS Control App For Newly Launched Spark Drone
2. May 26, 2017
iPhone 8 Updates: Leaked Images Show Bezel-less Design, OLED Display, Rear Mounted Touch Sensor & More
3. May 26, 2017
‘Yuri!!! On Ice’ Latest Updates: Plushies, Keychains & More Goodies Await Fans At Convenience Stores, Bookstores & More
4. May 26, 2017
Xiaomi Latest News: Mi Max 2 Launched With A Bigger Battery, Better Camera & More