Skip to content ↓ | Skip to navigation ↓

Security researchers at Ben Gurion University in Israel have disclosed the discovery of a vulnerability in Android devices that would allow an attacker to bypass VPN configurations to intercept what are intended to be secure communications.

“This vulnerability enables malicious apps  to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address,” the researchers stated.

“These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”

The team put together the following video to demonstrate the vulnerability in action in which they employ a packet capturing tool to harvest the VPN communications in plain text:

“This vulnerability is similar to the previous vulnerability we’ve disclosed to Samsung (two weeks ago) by the fact that both of them work in a similar manner while the difference among them is the exploit target. See more info on the previous story WSJ. A detailed report on the original disclosure process will be provided soon via this blog,” the researchers stated in an update.

The researchers notified Google’s Android security team and provided details of the vulnerability and exploit, and will be posting further updates as they become available.

Read More Here…

Hacking Point of Sale
  • Bob Hobson

    One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.