The vulnerability would allow hackers to hijack a user’s web connection and then gain access to the device, effectively allowing them to spy on the victim.
Discovered by San Francisco-based security firm Lookout, this major hole in Android could affect up to 1.4 billion devices.
In a blog post, Lookout explains that what makes this particular vulnerability so dangerous is that it doesn’t require any of the extra legwork that’s usually needed when trying to hack a person’s web connection.
Normally, hackers must compromise the entire network before being able to intercept any of the web browsing history from a specific user.
There is some small semblance of good news in all of this, however.
The hack itself is far from easy. To gain access to the web traffic, an attacker needs to know both the source and destination IP addresses in order to successfully carry out the attack.
“The vulnerability has been assigned CVE-2016-5696, which is a medium severity. The exploitability is hard, but the risk is there especially for targeted attacks,” explains blog author Andrew Blaich.
Lookout warns that the main targets for this vulnerability could well be office workers. The loophole could be used to target the unencrypted email communications of high-profile executives, or of low-level employees who simply have access to their company email on their smartphone.
The bug is actually part of a larger problem within Linux, the operating system upon which Android and many of today’s most popular operating systems are based.
Lookout has noticed that Google still hasn’t patched the bug in the latest version of Android (Nougat). However, that’s most likely because the patch wasn’t available when that release was pushed out.