Major Linux and Android exploit exposed by Israeli cyber security firm
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

Coding application by programmer developer. Photo credit: McIek / Shutterstock

Coding application by programmer developer. Photo credit: McIek / Shutterstock

Perception Point announced on Tuesday that they have discovered a vulnerability in Linux code that they say puts 66% of all Android devices at risk

The Israeli cyber security firm Perception Point announced on Tuesday that they have discovered a vulnerability in Linux code that they say puts 66% of all Android devices as well as tens of millions of machines running the software at risk for hackers to take control of devices.

The zero day exploit identified just over a month ago by the Perception Point team opens the door for taking root control over these devices utilizing only low level permissions.

Perception Point’s CEO Yevgeny Pats tells Geektime that the exploit found in the keyring feature that runs on systems operating Linux’s 3.8 software and above resides in the core kernel.

His research team identified the vulnerability while they were developing their security agent for Linux systems. The company is currently building a proactive security product aimed at protecting machines running Windows, Linux, and OS X.

Upon this discovery, Perception Point approached Linux distributor Red Hat’s David Howell, who authored the feature’s code. A patch for the exploit was released today at 7:00 am EST. Pats tells Geektime that they have also contacted other Linux distributors, alerting them to the vulnerability.

At this point, Pats says that he is unaware of any malware that is using this vulnerability to carry out attacks, but says that now that it is being made public, some of the bigger labs like Kaspersky may find that it has been utilized by some of the viruses that they are currently tracking.

Pats notes that for the attacker to gain access to the device through a legitimate app, it must be performed locally. However, hackers can use phishing techniques or other exploits to attain initial access onto the device and then follow through to achieve full root control.

It is worth noting that the keyring feature where the vulnerability was found has caused controversy in the past, with Linux’s principal author Linus Torvalds (warning, this guy uses a lot of foul language) reportedly having opposed Red Hat’s expansion of the original feature.

Founded in 2015, Perception Point was co-founded by Pats, CTO Shlomi Levin, and VP of R&D Michael Aminov. They have received funding from State of Mind Ventures, which is run by the former head of Israel’s 8200 military intelligence unit – Yuval Baharav – and Pinhas Buchris. All three served in elite intelligence units in the IDF before branching out to the private sectors, working at high level security firms that have been integrated into IBM, Palo Alto Networks, and PayPal.

Immediate actions to close the vulnerability

Pats recommends that all Android and Linux users update their devices as soon as possible.

He notes that while Red Hat’s patch should be sufficient to insulate vulnerable devices, many older machines no longer update automatically, leaving them open to the exploit if left unattended.

The widespread reliance on Linux-based systems across the tech world and its use as the basis of open source platforms like Android make this a serious vulnerability if left unchecked.

Featured image credit: McIek / Shutterstock

Share on:Share
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email
Gabriel Avner and Yaneev Avital

About Gabriel Avner and Yaneev Avital


Gabriel has an unhealthy obsession with new messaging apps, social media and pretty much anything coming out of Apple. An experienced security and conflict consultant, he has written for The Diplomatic Club, the Marine War College, and covers military affairs with TLV1 radio. He mostly enjoys reading articles wherever his ADD leads him to and training Brazilian Jiu Jitsu. EEED 44D4 B8F4 24BE F77E 2DEA 0243 CBD1 3F7C F4B6 Yaneev is a copywriter, a geek, a dad, in no particular order.

More Goodies From News


Russia in talks with US to create cybersecurity working group

FBI warns parents: Internet-connected toys can spy on your kids

Top 10 tech startups lighting up London