Thursday, January 19, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
U.S. ITC Begins Patent Probe of GPU, DDR Memory Controllers
U.S. To Investigate Whether Fujifilm Violated Sony Magnetic Tape Patents
Mozilla Unveils New Logo, Brand Identity
Samsung Bribery Case May Trigger U.S. Legal Authorities Too
Updated Google App For Android Will Save Results If Your Connection Is Bad
Chip Gear-Maker ASML Offers Positive Sales Forecast
Samsung's Exynos Processors Selected For Audi's In-Vehicle Infotainment
FTC Charges Qualcomm With Monopolizing Semiconductor Device Used in Cell Phones
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > Mobiles > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, January 22, 2014
Researchers Find VPN Vulnerability On Android Phones


Security researchers have claimed a flaw affecting Android 4.3 can be used to hijack unencrypted communications from an active VPN connection.

According to researchers at Ben Gurion University's (BGU) Cyber Security Labs, a network vulnerability on Android devices enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.

The researchers also demonstrated the vulnerability in a video, using the popular Samsung S4 device running on Android 4.3. KitKat. A user opens an email client and sends an email, with VPN enabed. But a packet capturing tool installed on a computer connected to the same network as the mobile device was showing traffic flowing through it (the SMTP packets), although no communications was supposed to pass through. The data of the communications protocol was analyzed and then the researchers could read the whole mail content.

The researchers added that SSL/TLS traffic can be also captured with this exploit but the content stays encrypted and not in clear text. They also confirmed the vulnerability on multiple Android devices from different vendors.

The new find follows a bug that BGU previously claimed to have found in Samsung's secure app container Knox, which, also relied on a malicious app to bypass the security feature to intercept outgoing communications data. Samsung and Google denied it was a flaw in Android or Knox, but admitted the researchers' attack used legitimate Android functions in an unintended way.

According to BGU, the new vulnerability is similar to the previous vulnerability they had disclosed to Samsung, by the fact that both of them work in a similar manner while the difference among them is the exploit target.

The researchers said they had filed a report with Google, which is yet to respond to the claimed vulnerability.




Previous
Next
VMware to Acquire AirWatch For $1.54 Billion        All News        Toshiba Develops 522Mbps TransferJet Module for Smartphones
Jury Finds Google Infringed SimpleAir Patent     Mobiles News      Toshiba Develops 522Mbps TransferJet Module for Smartphones

Get RSS feed Easy Print E-Mail this Message

Related News
Google Assistant Coming on Android TVs
Google To Launch First Android Wear 2.0 Smartwatches Early 2017
Qualcomm to Collaborate with Google on Android Things OS
Android 7.1.1 Update Coming To Google Smartphones
Researchers Say 1 Million Google Accounts Breached by "Gooligan"
Google Says Android Helps Competition
Sprint To Upgraded SMS To Android Users
Android Devices Vulnerable To Physical RAM Attack
ZTE Will Launch 4K Capable Android TV Set-Top-Box at Broadband World Forum 2016
Google Offers Up To $200K In Android Vulnerability Rewards Program
Android 7.0 Nougat Released For Nexus Devices And LG V20
Millions Of Android Devices Infected With Chinese Malware

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .