Jan 20, 2016 01:40 AM EST
Just when we thought that restricting root access was enough to keep security vulnerabilities at bay, a report of a vulnerability in the Linux kernel, one that gives hackers possible access to the kernel’s root account, made the rounds of the tech blogs. The news of this vulnerability is important to Android users because remember, Android is based on Linux.
The system loophole, or bug, was discovered by security firm Perception Point and has been dubbed as the “CVE-2016-0728,” a zero-day vulnerability. The vulnerability is called a “Zero-Day Vulnerability,” meaning a flaw that is unknown to the vendor. As of the moment, the report of the said flaw has gone viral, and yes, Linux OEMs are working round the clock to create patches for the said flaw.
According to Perception Point, this bug may affect 66 percent of Android devices. That is a vast majority of the market, and if the bug is exploited, this could mean millions of devices exposed to possible malware or even hacking.
Tech pundits are rather concerned about how the flaw could be patched on the Android, however. Given that the diversity of the Android OSes being used across the market, plus the issue of Android forking, the mere thought of rolling out a patch that could be applicable across the board is already a nightmare. However, Richard Chirgwin, writing for Security in The Register UK, points out a rather interesting concept.
According to Chirgwin, it would take around 4,294,967,296 “system calls” on a PC in order for that particular loophole to be exploited. To the layperson, this means that if a persistent hacker wanted to get at the root, it would take that amount of data cycles in order for them to get into Root, and do whatever they want to the system. On an Intel Core i7-powered PC, this amount of data took them 30 minutes to get through. So as Chirgwin analyzed, it may take an ARM-powered phone more time and more processing power to get to a point where the exploit/bug would be usable to a very persistent hacker.
Is it right for Chirgwin to downplay the flaw? Or is it right for the rest of the blogosphere to panic? In any case, the rest of the Android-using universe will have to wait for the experts to say with full finality, whether to be as concerned about this flaw as we had been with Stagefright.
The original Perception Point report: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
The report by Richard Chirgwin: http://www.theregister.co.uk/2016/01/19/linux_kernel_keyrings_get_privilege_escalation_patch/
With notes from Ars Technica: http://arstechnica.com/security/2016/01/linux-bug-imperils-tens-of-millions-of-pcs-servers-and-android-phones/
The definition of a “Zero-Day Vulnerability”: http://www.pctools.com/security-news/zero-day-vulnerability/
2. Mar 11, 2020
NearShore Technology Reveals How to Choose the Best nearshore Outsourcing Company
4. Mar 10, 2020
Why Sales Recruiters are More Important Than Ever Before
1. Feb 21, 2020
What Top Sales Experts Think Will Be Trending in 2020
2. Feb 21, 2020
Can Apps Help You with Your Money Problems?
3. Feb 13, 2020
4 Things to Include on a Resume for an Executive Position
4. Feb 13, 2020
Meet the New App That Could Change the Way You Drive