Google denies recently-discovered Linux flaw is a serious Android security issue

Patrick O'Rourke

January 21, 2016 11:19am

Perception Point, a White Hat security company, recently uncovered a Linux flaw the security consultant says could affect the servers of PCs utilizing the operating system, as well as 66 percent of Android smartphones.

The vulnerability reportedly affects the OS’s kernel, giving hackers a simple way to gain access to Android’s root code execution, allowing the device to be effectively completely taken over. Google, however, denies Perception Point’s claims, particularly because the company didn’t give Android’s Security Team a chance to respond to the security issues before publicly releasing them. Security consultants like Perception Point typically uncover flaws, and then notify the company in question. According to Google, this is not how the situation played out in this case.

In a recent statement, Google said, “Since this issue was released without prior notice to the Android Security Team, we are now investigating the claims. However, we believe that the number of Android devices affected is significantly smaller than initially reported.”

According to Google, Android 5.0 and later devices, which includes most of its Nexus smartphones, are protected by a layer of security called Android SELinux policy, which prevents third-party applications from accessing root code. Google also says most devices running Android 4.4 and earlier do not feature the vulnerable code added in Linux Kernel 3.8.

Despite claims this exploit is not a serious issue, Google’s Adrian Ludwig, lead engineer for Android security, says Google has already responded and released a patch for all Android devices.

The security update is expected to be pushed out over the course of the next few days, with a deadline of March 1st, 2016 for all Android manufacturers to implement the fix.