Tags: android | vpn | kitkat | flaw

Android VPN KitKat Flaw Exposes Phones, Other Device to Hackers

Wednesday, 29 Jan 2014 11:29 AM

By Michael Mullins

Share:
  Comment  |
   Contact Us  |
  Print  
|  A   A  
  Copy Shortlink
A VPN vulnerability exists in Android's KitKat 4.4 version, according to security researchers from Ben-Gurion University's Cyber Security Labs in Israel. It allows  a malicious application to intercept information as it is entered into the smartphone, tablet or other device.

The flaw also exists in Android's Jelly Bean 4.3.

In their findings, the researchers found that the hacker can bypass a VPN connection through the app and subsequently route all data communications from the device to a network belonging to the attacker, PCWorld.com reported.

Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll

"These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed," the researchers wrote on their blog earlier in the month. "This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

A VPN, or virtual private network, is an encrypted program that allows companies to securely connect their employees to a corporate network from remote locations.

Though the researchers demonstrated how the malicious app works in a video, seen below, they would not publish technical details as to how the breach is carried out due to the possibility that it could expose more vulnerabilities of the system, PCWorld reported.

The researchers have reportedly submitted their findings to Google, the maker of Android, and are awaiting a response from the company.

The findings were connected to a prior project involving vulnerabilities with a Samsung KNOX program, which is designed to enhance security on the Android platform.

Samsung’s response to the researchers findings prompted them to investigate the issue further and led to the discovery of the VPN bypass, PCWorld.com reported.

"In the first finding we reported to Samsung the vulnerability details and an example exploit where an attacker can intercept, block, and alter data communications (non SSL/TLS and non VPN)," the researchers wrote on their blog. "We also stressed the point that other kind of attacks can take place via the same vulnerability. In our continued investigation of the vulnerability we found that an attacker can, in fact, do much more harm."

Google has yet to respond to the alleged security breach.





Editor's Note: ObamaCare Is Here. Are You Prepared?

Related Stories:

© 2014 Newsmax. All rights reserved.

Share:
  Comment  |
   Contact Us  |
  Print  
  Copy Shortlink
Send me more news as it happens.
 
 
Get me on The Wire
Send me more news as it happens.
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
 
Email:
Retype Email:
Country
Zip Code:
Privacy: We never share your email.
 
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus

Newsmax, Moneynews, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, NewsmaxWorld, NewsmaxHealth, are trademarks of Newsmax Media, Inc.

 
NEWSMAX.COM
America's News Page
©  Newsmax Media, Inc.
All Rights Reserved