icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

Linux flaw puts millions of PCs, Android smart devices at risk

Linux flaw puts millions of PCs, Android smart devices at risk
All PCs, smartphones, and other gadgets running Linux-based systems such as Android are susceptible to extremely intrusive hacks due to a three-year-old flaw that was only discovered on Tuesday. Now the race to patch and secure millions of devices is on.

Known as a zero-day exploit, the Linux bug was unknown to the manufacturer, so is now vulnerable to attack before fixes, upgrades, and replacements are fully ready.

Discovery of what is identified as CVE-2016-0728 was made by Israeli defense startup Perception Point. By working with Linux researchers, Perception Point found that by manipulating the central Linux kernel, an app or user could gain unlimited control over the root systems. The problem has existed since Linux version 3.8, which is also present in devices running the Android version KitKat or better, or about two-thirds of all Android products.

The trouble lies in the keyring, part of the kernel that stores sensitive security information like encryption keys. Even built-in or add-on security features like “supervisor mode access prevention” and “supervisor mode execution protection” are still not enough protection to absolutely guarantee against hackers.

A fix is anticipated from top distributors of Linux this week, but it could be months or years before millions of Android handset or embedded device users are squared away, due to the fact their software updates are not prompted automatically. While Perception Point says the sensitivity has yet to be exploited, the risk is still real for now.

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.