The researchers also demonstrated the vulnerability in a video, using the popular Samsung S4 device running on Android 4.3. KitKat. A user opens an email client and sends an email, with VPN enabed. But a packet capturing tool installed on a computer connected to the same network as the mobile device was showing traffic flowing through it (the SMTP packets), although no communications was supposed to pass through. The data of the communications protocol was analyzed and then the researchers could read the whole mail content.
The researchers added that SSL/TLS traffic can be also captured with this exploit but the content stays encrypted and not in clear text. They also confirmed the vulnerability on multiple Android devices from different vendors.
The new find follows a bug that BGU previously claimed to have found in Samsung's secure app container Knox, which, also relied on a malicious app to bypass the security feature to intercept outgoing communications data. Samsung and Google denied it was a flaw in Android or Knox, but admitted the researchers' attack used legitimate Android functions in an unintended way.
According to BGU, the new vulnerability is similar to the previous vulnerability they had disclosed to Samsung, by the fact that both of them work in a similar manner while the difference among them is the exploit target.
The researchers said they had filed a report with Google, which is yet to respond to the claimed vulnerability.