VPN bypass attack possible also on Android KitKat
Posted on 29 January 2014.
Security researchers at Ben Gurion University in Israel are on a roll when it comes to discovering Android security flaws, and they revealed the existence of a critical flaw in the latest mobile OS version.

In late December, they published their findings regarding a vulnerability they initially believed to be in Samsung's Knox architecture but turned out to be an Android 4.3 flaw that allowed attacker to perform a Man-in-the-Middle attack by bypassing VPN configurations to intercept data.

On Monday, they shared that Android 4.4 ("KitKat") is susceptible to the same attack (with some modifications).

"At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation," the researchers noted in a blog post.

"Following an elaborate investigation we were able to reproduce the same vulnerability where a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

Google has, of course, been notified both times, and the researchers understandably didn't go into specific details about their exploit or the vulnerability and won't share that information until the flaw is fixed.

They haven't mentioned if they believe the flaw is being exploited in the wild by malicious attackers, so it's safe to assume they don't know. Of course, this doesn't mean there aren't any.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st