Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

VPN bypass vulnerability affects Android Jelly Bean and KitKat, researchers say

Lucian Constantin | Jan. 29, 2014
A vulnerability in Android allows malicious applications to bypass an active VPN (virtual private network) connection and force traffic from the device through an attacker-controlled system where it can be intercepted, according to security researchers from Ben-Gurion University of the Negev in Israel.

Samsung's response prompted the researchers to investigate the issue further and led to the discovery of the VPN bypass.

"In the first finding we reported to Samsung the vulnerability details and an example exploit where an attacker can intercept, block, and alter data communications (non SSL/TLS and non VPN)," the researchers said in a blog post about the issue last Thursday. "We also stressed the point that other kind of attacks can take place via the same vulnerability. In our continued investigation of the vulnerability we found that an attacker can, in fact, do much more harm."

However, while the vulnerability can be used to bypass VPN connections, it cannot be used to inspect traffic that was already encrypted at the application layer.

For example, if an Android email app connects to an email server using SSL, its traffic will be encrypted regardless of whether it passes over a VPN connection or not. The same is true for connections to HTTPS-enabled websites or connections using other secure data transport protocols.

Unfortunately not all applications encrypt their traffic, so there's still a lot of sensitive information that can be captured by bypassing the VPN connection and performing a MitM attack.

Google did not immediately respond to a request for comment.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.