ID: IRCNE2014012085
Date: 2013-01-29
According to "computerworld", a vulnerability in Android allows malicious applications to bypass an active VPN (virtual private network) connection and force traffic from the device through an attacker-controlled system where it can be intercepted, according to security researchers from Ben-Gurion University of the Negev in Israel.
Researchers from the university's Cyber Security Labs initially reported Jan. 17 that the vulnerability affects Android 4.3, known as Jelly Bean. However, upon further investigation they were also able to reproduce it on Android 4.4 KitKat, the latest major version of the mobile OS.
VPN technology is used to create an encrypted tunnel into a private network over the public Internet. Companies rely on VPN connections to allow employees to securely connect to corporate networks from remote locations.
A malicious app can exploit the newly identified Android vulnerability to bypass an active VPN connection and route all data communications from the device to a network address controlled by an attacker, the Ben-Gurion University researchers said Monday in a blog post. "These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. The malicious application doesn't require root privileges or VPN-specific permissions, they said Tuesday via email.
Unfortunately not all applications encrypt their traffic, so there's still a lot of sensitive information that can be captured by bypassing the VPN connection and performing a MitM attack.
- 5