VPN bypass attack possible also on Android KitKat
Posted on 29 January 2014.
Security researchers at Ben Gurion University in Israel are on a roll when it comes to discovering Android security flaws, and they revealed the existence of a critical flaw in the latest mobile OS version.

In late December, they published their findings regarding a vulnerability they initially believed to be in Samsung's Knox architecture but turned out to be an Android 4.3 flaw that allowed attacker to perform a Man-in-the-Middle attack by bypassing VPN configurations to intercept data.

On Monday, they shared that Android 4.4 ("KitKat") is susceptible to the same attack (with some modifications).

"At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation," the researchers noted in a blog post.

"Following an elaborate investigation we were able to reproduce the same vulnerability where a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

Google has, of course, been notified both times, and the researchers understandably didn't go into specific details about their exploit or the vulnerability and won't share that information until the flaw is fixed.

They haven't mentioned if they believe the flaw is being exploited in the wild by malicious attackers, so it's safe to assume they don't know. Of course, this doesn't mean there aren't any.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th