Researchers have recently found a critical bug in Linux kernel that can be used to compromise the security of TCP connections (even if they are encrypted, they can be terminated).
Last week, security researchers presented at the Usenix 2016 conference, a severe flaw in the TCP network protocol that can be used to intervene and interrupt remote connections between two computers. This Linux bug is found in the latest version of TCP, namely RFC 5961. It has been implemented in the Linux kernel since version 3.6, but not in Windows or Mac OS X.
Let’s talk about severity..
The risks are multiple. This vulnerability allows an attacker to know if two computers are communicating only by knowing their IP addresses. It also allows to interrupt these connections. And if the network connections are not encrypted, it also allows to inject data without having any privileged access to a network. The attacker needs only access to Internet to exploit the flaw. For example, researchers showed an attack on the USAToday.com site.
Unfortunately, this vulnerability does not concern only the servers under Linux, but also a large number of Android smartphones which, let us recall, also based on the Linux kernel. According to numbers, more than 1.4 billion terminal would be vulnerable to this attack, almost 80% of the total stock. Even the latest developer version Android Nougat is no exception (EPIC!!). No need to panic so far: this – very technical – vulnerability remains quite difficult to operate. It lends itself to targeted attacks, not a mass piracy.
The good news is that a patch has already been done. When the question is what is it will be released. In the Android ecosystem, it can take some time. In the meantime, we advises not surf that site encrypted by HTTPS, to avoid phishing attacks.