Israeli Android researchers demo VPN vulnerability

Malicious app can redirect traffic invisibly


The Ben Gurion University security researchers who tangled with Samsung over its KitKat security implementation have posted a follow-up, in which they demonstrate how a malicious app could bypass some VPN protections in Android.

Back in December, the university's Cyber Security Labs stated that Samsung's Knox implementation was insecure, but last week the mobe-maker and Google agreed that the problem lies in Android rather than being specific to one handset vendor.

The researchers now say that in a related vulnerability, they have used a malicious app to redirect a user's VPN connection to a server which is then able to capture user traffic. As the researchers state:

“This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”

The vulnerability is demonstrated in the video below.

Youtube Video

The researchers haven't published the code for their exploit, but say they have notified Google of the vulnerability and will provide more detail once the problem has been patched.

While the vulnerability provides deep access to user communications that are supposed to be protected, it's important to note that it can only be exploited if a user can be tricked into installing a malicious application.

Also, SSL / TLS traffic remains encrypted: it can be captured, but not in plain text.

At this stage, the researchers have only tested their attack on Android 4.3 KitKat. ®

