Tags: android | vpn | kitkat | flaw

Android VPN KitKat Flaw Exposes Phones, Other Device to Hackers

Wednesday, 29 Jan 2014 11:29 AM

By Michael Mullins

  Comment  |
   Contact  |
|  A   A  
  Copy Shortlink
A VPN vulnerability exists in Android's KitKat 4.4 version, according to security researchers from Ben-Gurion University's Cyber Security Labs in Israel. It allows  a malicious application to intercept information as it is entered into the smartphone, tablet or other device.

The flaw also exists in Android's Jelly Bean 4.3.

In their findings, the researchers found that the hacker can bypass a VPN connection through the app and subsequently route all data communications from the device to a network belonging to the attacker, PCWorld.com reported.

Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll

"These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed," the researchers wrote on their blog earlier in the month. "This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

A VPN, or virtual private network, is an encrypted program that allows companies to securely connect their employees to a corporate network from remote locations.

Though the researchers demonstrated how the malicious app works in a video, seen below, they would not publish technical details as to how the breach is carried out due to the possibility that it could expose more vulnerabilities of the system, PCWorld reported.

The researchers have reportedly submitted their findings to Google, the maker of Android, and are awaiting a response from the company.

The findings were connected to a prior project involving vulnerabilities with a Samsung KNOX program, which is designed to enhance security on the Android platform.

Samsung’s response to the researchers findings prompted them to investigate the issue further and led to the discovery of the VPN bypass, PCWorld.com reported.

"In the first finding we reported to Samsung the vulnerability details and an example exploit where an attacker can intercept, block, and alter data communications (non SSL/TLS and non VPN)," the researchers wrote on their blog. "We also stressed the point that other kind of attacks can take place via the same vulnerability. In our continued investigation of the vulnerability we found that an attacker can, in fact, do much more harm."

Google has yet to respond to the alleged security breach.

Editor's Note: ObamaCare Is Here. Are You Prepared?

Related Stories:

© 2014 Newsmax. All rights reserved.

  Comment  |
   Contact  |
  Copy Shortlink
Send me more news as it happens.
Get me on The Wire
Send me more news as it happens.
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
Zip Code:
Privacy: We never share your email.
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
You May Also Like

Passengers Push Plane on Icy Russian Runway (With Help of a Tractor)

Wednesday, 26 Nov 2014 20:45 PM

Passengers on a Russian plane got off to push the aircraft to help get it on the runway after it began slipping on ice i . . .

Bernie Tiede, Convicted Murderer Mortician, to Get New Sentencing

Wednesday, 26 Nov 2014 17:39 PM

Bernie Tiede, the mortician who was convicted of killing his companion Marjorie Nugent in 1996, will receive a new sente . . .

Chrysler Pentastar Logo Getting Phased Out With FCA Formation

Wednesday, 26 Nov 2014 15:51 PM

Chrysler's iconic Pentastar logo is being phased out as the company introduces a new logo in keeping with the newly form . . .

Top Stories

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
©  Newsmax Media, Inc.
All Rights Reserved