Android VPN Vulnerability Allows Data Interception in Plain Text

Monday, January 20, 2014

Anthony M. Freed


Security researchers at Ben Gurion University in Israel have disclosed the discovery of a vulnerability in Android devices that would allow an attacker to bypass VPN configurations to intercept what are intended to be secure communications.

“This vulnerability enables malicious apps  to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address,” the researchers stated.

“These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”

the team put together the following video to demonstrate the vulnerability in action in which they employ a packet capturing tool to harvest the VPN communications in plain text:

“This vulnerability is similar to the previous vulnerability we’ve disclosed to Samsung (two weeks ago) by the fact that both of them work in a similar manner while the difference among them is the exploit target. See more info on the previous story WSJ. A detailed report on the original disclosure process will be provided soon via this blog,” the researchers stated in an update.

The researchers notified Google’s Android security team and provided details of the vulnerability and exploit, and will be posting further updates as they become available. Read more here.

Cross Posted from Tripwire's State of Security

Possibly Related Articles:
VPN Android vulnerability
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.