Android VPN KitKat Flaw Exposes Phones, Other Devices to Hackers

By Michael Mullins   |   Wednesday, 29 Jan 2014 11:29 AM

A VPN vulnerability exists in Android's KitKat 4.4 version, according to security researchers from Ben-Gurion University's Cyber Security Labs in Israel. It allows a malicious application to intercept information as it is entered into the smartphone, tablet or other device.

The flaw also exists in Android's Jelly Bean 4.3.

The researchers found that a malicious app can bypass the device's VPN connection and then route all data communications from the device to a network belonging to the attacker, PCWorld.com reported.

"These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed," the researchers wrote on their blog earlier in the month. "This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

A VPN, or virtual private network, is an encrypted connection that allows companies to securely connect their employees to a corporate network from remote locations.

Though the researchers demonstrated how the malicious app works in a video, seen below, they would not publish technical details as to how the breach is carried out due to the possibility that it could expose more vulnerabilities of the system, PCWorld reported.

The researchers have reportedly submitted their findings to Google, the maker of Android, and are awaiting a response from the company.

The findings were connected to a prior project involving vulnerabilities with a Samsung KNOX program, which is designed to enhance security on the Android platform.

Samsung’s response to the researchers' findings prompted them to investigate the issue further and led to the discovery of the VPN bypass, PCWorld.com reported.

"In the first finding we reported to Samsung the vulnerability details and an example exploit where an attacker can intercept, block, and alter data communications (non SSL/TLS and non VPN)," the researchers wrote on their blog. "We also stressed the point that other kinds of attacks can take place via the same vulnerability. In our continued investigation of the vulnerability we found that an attacker can, in fact, do much more harm."

Google has yet to respond to the alleged security breach.

© 2015 Newsmax. All rights reserved.
