The vulnerability (CVE-2016-5696), was introduced into the Linux kernel version 3.6, which was introduced in the year 2012 and became a part of Android from version 4.4 Kitkat and the worst part is that it is present in the latest version of android that is 6.0 Marshmallow, and will be also available in upcoming Android 7.0 Nougat as well. Lookout said, “The issue should be concerning to Android users as attackers are able to execute this spying without traditional “man-in-the-middle” attacks through which they must compromise the network in order to intercept the traffic” that means hackers can spy on communications without even terminating your network via the man-in-the-middle attack. But there is also one good news. The Linux vulnerability is not easy to exploit. Lookout said in Blog post “While a man in the middle attack is not required here, the attacker still needs to know a source and destination IP address to successfully execute the attack.” Google representative said arstechnica that they are aware of the vulnerability and are “taking the appropriate actions” to fix the issue as soon as possible. Meanwhile, you can perform few remedies to fix the vulnerability until the patch arrives. Here are the suggestions from Lookout:
Encrypt your communications to prevent them from being spied on. This means ensuring the websites you browse to and the apps you use are employing HTTPS with TLS. You can also use a VPN if you want to add an extra step of precaution. If you have a rooted Android device you can make this attack harder by using the sysctl tool and changing the value for net.ipv4.tcp_challenge_ack_limit to something very large, e.g. net.ipv4.tcp_challenge_ack_limit = 999999999 We are not aware of PoCs exploiting this new vulnerability and anticipate Google will patch in the next Android monthly patch. In the meantime, we will continue to monitor for exploits.