Vulnerability Discovered in Android’s VPN Connection

Vulnerability Discovered in Android’s VPN Connection

Researchers from Cyber Security Labs at Ben Gurion University discovered a vulnerability in Samsung’s KNOX security platform for Android, last month. That same team has now uncovered vulnerabilities in Android’s VPN which enables malware to redirect traffic to an unsecured network.

The vulnerability was first found affecting the Jelly Bean version of Android, but Cyber Security Labs later discovered the vulnerability also exists on KitKat, Google’s latest version of the Android operating system.

According to Cyber Security Labs:

“…a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”

Android robot

No details were given about the vulnerability itself, but they did provide video of Android’s VPN being exploited.

Cyber Security Labs has contacted Google about the vulnerability and they are awaiting a response.

An update on the Samsung KNOX vulnerability: Samsung and Google teamed up on a response to Cyber Security’s findings and concluded this issue is not a vulnerability, but a traditional man-in-the-middle type of attack. You can read that full response here.

We’ll continue to follow these stories and share any outcome, if any.

ABOUT THE AUTHOR

Armando Orozco

Senior Malware Intelligence Analyst

Faux geek who likes to keep it bland. Experienced in behavioral, PC, and mobile technologies.