Tags: android | vpn | kitkat | flaw

Android VPN KitKat Flaw Exposes Phones, Other Device to Hackers

Wednesday, 29 Jan 2014 11:29 AM

By Michael Mullins

A VPN vulnerability exists in Android's KitKat 4.4 version, according to security researchers from Ben-Gurion University's Cyber Security Labs in Israel. It allows  a malicious application to intercept information as it is entered into the smartphone, tablet or other device.

The flaw also exists in Android's Jelly Bean 4.3.

In their findings, the researchers found that the hacker can bypass a VPN connection through the app and subsequently route all data communications from the device to a network belonging to the attacker, PCWorld.com reported.

Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll

"These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed," the researchers wrote on their blog earlier in the month. "This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

A VPN, or virtual private network, is an encrypted program that allows companies to securely connect their employees to a corporate network from remote locations.

Though the researchers demonstrated how the malicious app works in a video, seen below, they would not publish technical details as to how the breach is carried out due to the possibility that it could expose more vulnerabilities of the system, PCWorld reported.

The researchers have reportedly submitted their findings to Google, the maker of Android, and are awaiting a response from the company.

The findings were connected to a prior project involving vulnerabilities with a Samsung KNOX program, which is designed to enhance security on the Android platform.

Samsung’s response to the researchers findings prompted them to investigate the issue further and led to the discovery of the VPN bypass, PCWorld.com reported.

"In the first finding we reported to Samsung the vulnerability details and an example exploit where an attacker can intercept, block, and alter data communications (non SSL/TLS and non VPN)," the researchers wrote on their blog. "We also stressed the point that other kind of attacks can take place via the same vulnerability. In our continued investigation of the vulnerability we found that an attacker can, in fact, do much more harm."

Google has yet to respond to the alleged security breach.

Editor's Note: ObamaCare Is Here. Are You Prepared?

Related Stories:

© 2015 Newsmax. All rights reserved.

Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
Zip Code:
Privacy: We never share your email.
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
You May Also Like

Bound Brook Teens' Shoveling Venture Squashed by Cops During Storm

Wednesday, 28 Jan 2015 15:48 PM

Social media has helped shine a national spotlight on two teens in Bound Brook, New Jersey, who were stopped by police w . . .

Michelle Obama's Lack of Headscarf During Saudi Trip Angers Critics

Wednesday, 28 Jan 2015 15:19 PM

Michelle Obama is facing a barrage of criticism after appearing without a headscarf during an appearance in Saudi Arabia . . .

Budweiser Super Bowl 2015: Commercial Reunites Puppy With Clydesdales

Wednesday, 28 Jan 2015 14:53 PM

Budweiser has revealed its 2015 Super Bowl ad, a continued look at the relationship between its Clydesdales and a puppy  . . .

Top Stories

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
©  Newsmax Media, Inc.
All Rights Reserved