New Linux Zero-Day Exploit Proves My Point About Dark Android Devices

A few days ago, Perception Point announced a zero-day vulnerability in the Linux kernel, which means it also affects the most popular OS and devices in the world: Android. Perception Point claims that the flaw, registered as CVE-2016-0728, affects 66% of Android devices around the world. That is definitely a high number and worthy of concern, regardless of whether or not it is off by a bit.

Particularly since CVE-2016-0728 can potentially give a would-be attacker root on a computer or device, and root is the “keys to the kingdom” that every bad actor wants, since it gives them total control of a device and everything on it. Granted, the bug lives in the kernel’s keyring facility, which is only compiled in when the CONFIG_KEYS option is enabled; the vulnerable code has shipped in every mainline kernel since 3.8; and the published exploit requires a lot of processing time to run. Fortunately, the recommended configuration for the Android Linux kernel has CONFIG_KEYS disabled, so the real share of affected Android devices is likely significantly lower than 66%.

Also, Alphabet/Google has already chimed in: no Nexus devices are affected by this vulnerability, and anything running Android 5.0 or higher should also be fine thanks to SELinux (though whether SELinux itself is fine given the NSA’s involvement in its development is another story entirely). On 5.0 and later, Android’s SELinux policy prevents third-party apps from reaching the affected keyring code in the kernel. So the only potential issue is on older devices that are still running Android 4.4 or earlier, have Linux kernel 3.8 or newer, and have CONFIG_KEYS turned on. Phones running an older Android build on a newer kernel are uncommon (and probably won’t get patched anyway). Again, the 66% number is likely very overblown.
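To turn those conditions into something you can actually check on a device, here is an added shell example (written for this edit; it is not code from the original post, from Perception Point, or from Google). It encodes the three conditions exactly as the post states them: kernel 3.8 or newer, CONFIG_KEYS enabled, and no Android 5.0+ SELinux policy in enforcing mode standing between apps and the keyring code. It assumes adb is on your PATH and, for the CONFIG_KEYS check, that the device exposes /proc/config.gz and has zcat; where it cannot read the config it reports the config as unknown rather than guessing. The version strings in the comments are constructed sample inputs.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies a device's exposure to
# CVE-2016-0728 using the three conditions the post gives: kernel >= 3.8,
# CONFIG_KEYS=y, and no Android 5.0+ SELinux policy enforced against apps.
# adb (assumed on PATH) is only contacted when the script is run with --live.

# kver_ge A B: succeed when major.minor of A >= major.minor of B.
# Accepts strings such as "3.10.49-g1a2b3c" or "4.4.2"; patch level is ignored.
kver_ge() {
    a_maj=${1%%.*}; b_maj=${2%%.*}
    a_min=${1#*.};  b_min=${2#*.}
    # A version with no dot at all has no minor component.
    if [ "$a_min" = "$1" ]; then a_min=0; fi
    if [ "$b_min" = "$2" ]; then b_min=0; fi
    # Keep only the leading digits of each component ("10.49-g1a2b3c" -> "10").
    a_maj=${a_maj%%[!0-9]*}; a_min=${a_min%%[!0-9]*}
    b_maj=${b_maj%%[!0-9]*}; b_min=${b_min%%[!0-9]*}
    a_maj=${a_maj:-0}; a_min=${a_min:-0}; b_maj=${b_maj:-0}; b_min=${b_min:-0}
    if [ "$a_maj" -ne "$b_maj" ]; then
        [ "$a_maj" -gt "$b_maj" ]
        return
    fi
    [ "$a_min" -ge "$b_min" ]
}

# cve_2016_0728_status KERNEL CONFIG_KEYS ANDROID SELINUX
#   KERNEL      kernel release, e.g. 3.10.49 (constructed sample)
#   CONFIG_KEYS y, n, or ? when /proc/config.gz cannot be read
#   ANDROID     ro.build.version.release, e.g. 4.4.4 (constructed sample)
#   SELINUX     getenforce output: Enforcing, Permissive or Disabled
# Prints exactly one classification on stdout.
cve_2016_0728_status() {
    kernel=$1; config_keys=$2; android=$3; selinux=$4
    if ! kver_ge "$kernel" 3.8; then
        echo not-affected-kernel        # vulnerable keyring code only exists from 3.8 on
        return 0
    fi
    if kver_ge "$android" 5.0 && [ "$selinux" = Enforcing ]; then
        echo mitigated-selinux          # 5.0+ policy keeps apps away from the keyring code
        return 0
    fi
    case $config_keys in
        y) echo potentially-affected ;;  # keyrings compiled in, nothing in the way
        n) echo not-affected-config ;;   # keyring facility not compiled in
        *) echo unknown-config ;;        # config not visible; do not assume it is safe
    esac
}

# Pull the four inputs from a connected device over adb and classify it.
# /proc/config.gz is often absent on Android kernels, which yields "?".
classify_connected_device() {
    # /proc/version reads "Linux version 3.10.49-g1a2b3c (...)"; field 3 is the release.
    kernel=$(adb shell cat /proc/version | tr -d '\r' | awk '{print $3}')
    keys=$(adb shell 'zcat /proc/config.gz 2>/dev/null' | tr -d '\r' \
           | sed -n 's/^CONFIG_KEYS=//p')
    android=$(adb shell getprop ro.build.version.release | tr -d '\r')
    selinux=$(adb shell getenforce 2>/dev/null | tr -d '\r')
    echo "kernel=$kernel CONFIG_KEYS=${keys:-?} android=$android selinux=${selinux:-Disabled}"
    cve_2016_0728_status "$kernel" "${keys:-?}" "$android" "${selinux:-Disabled}"
}

# Only touch a real device when asked; with no arguments the functions are just
# defined so a caller (or a test) can feed them values directly.
if [ "${1:-}" = --live ]; then
    classify_connected_device
fi
```

Run it as `sh check.sh --live` with a device attached, or source it and call `cve_2016_0728_status` with values you gathered another way. Note that a reading of `unknown-config` on a 4.4 device with a 3.8+ kernel is the case the post is worried about: you cannot prove CONFIG_KEYS is off, so treat the device as exposed until it is updated.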

But even if it weren’t overblown, the solution to CVE-2016-0728 is running an up-to-date version of Android, and those who follow the device guidelines laid out in the Dark Android Project, or who simply buy the recommended devices I write about on the Dark Android Blog, would have absolutely nothing to worry about.

My criteria for the Dark Android Project are, generally, to only purchase devices that have a proven upgrade path for their OS, that can run CyanogenMod, or that can run an alternative operating system entirely. From the Dark Android favorite, the 2013 Nexus 7 tablet (and again, no Nexus devices were affected by this zero-day), to the phone side with the ASUS Zenfone 2, which uses an Intel processor that allows almost any operating system to be loaded (and which shipped with Android 5.0 anyway), everything I recommend on this site makes CVE-2016-0728 a moot exploit.

To reiterate, I chose these devices precisely because they are regularly updated or configurable at the OS level, whether by the manufacturer or by a “cult” community built around the device. I am incredibly particular about what I recommend, and CVE-2016-0728 has proven that need to be particular right.

Again, CVE-2016-0728 isn’t as widespread (nor really as dangerous, since it is resource-heavy to exploit) as Perception Point would have everyone believe. But zero-day vulnerabilities should always be taken seriously, and you want to be as preventative as possible in keeping these exploits from affecting you.

Keeping your operating system, apps, and other software up to date is “Step 1”. Keeping up to date with the Dark Android Blog is another good step, I hope you find. And as I often say on my tech podcast, Sovryn Tech, being a conscious consumer in what you purchase can solve many of today’s problems, from tech to liberties.

Carpe lucem!