Security researchers at Ben Gurion University in Israel who previously disclosed a vulnerability in Android Jelly Bean 4.3 that would allow an attacker to bypass VPN configurations to intercept data have identified a vulnerability in KitKat 4.4 that would allow attackers to redirect VPN traffic to a third-party server.
The earlier vulnerability enabled malicious applications to bypass VPN configurations with no root permissions required to redirect secure VPN communications to another network address to capture data in clear text.
“At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation. Following an elaborate investigation we were able to reproduce the same vulnerability where a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address,” the researchers stated.
“These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure,” the team reported.
The team put together the following video to demonstrate the vulnerability in action:
The researchers notified Google’s Android security team and provided details of the vulnerability and exploit, and have been posting updates as they become available.
“Following the original report Samsung and Google collaborated on a response where they denied that our findings demonstrate a bug or a flaw in Android or Samsung KNOX. A few days ago we have published our position here,” the researchers said.
Read More Here…