Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Researchers Claim VPN Bypass on Android KitKat

Security researchers at Ben Gurion University have uncovered what they say is a network vulnerability on Google Android devices that could be used to allow malware to bypass VPN.

Security researchers at Ben Gurion University have uncovered what they say is a network vulnerability on Google Android devices that could be used to allow malware to bypass VPN.

According to the university’s Cyber Security Labs Team, the vulnerability has been verified in both Android Jelly Bean 4.3 and Android KitKat 4.4.

“At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation,” according to the team’s blog. “Following an elaborate investigation we were able to reproduce the same vulnerability where a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.” 

Researchers contacted Google with their findings. A video presentation of the attack can be viewed here. According to the researchers, the findings are based on the same vulnerability they demonstrated weeks ago on the Samsung Galaxy S4 phone to circumvent the protections available in the KNOX security solution.

Early this month, Google and Samsung downplayed the researchers’ report, noting that their exploit uses legitimate Google Android network functions “in an unintended way to intercept unencrypted network connections from/to applications on the mobile device” and did not demonstrate a vulnerability in KNOX or Android.

Advertisement. Scroll to continue reading.

The researchers responded with a point-by-point refutation of the vendors’ joint response, noting among other things they had tested the attack on Samsung S4 devices “straight out of the box.”

“In the first finding we reported to Samsung the vulnerability details and an example exploit where an attacker can intercept, block, and alter data communications (non SSL/TLS and non VPN),” the team explained in a blog post. “We also stressed the point that other kind of attacks can take place via the same vulnerability. In our continued investigation of the vulnerability we found that an attacker can, in fact, do much more harm. This finding revealed that an attacker can bypass the VPN (even if configured properly) and again, the secure communications can be intercepted in clear text.”

Once the vulnerability has been resolved, more details will be posted, the team blogged.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

SpecterOps has appointed Tim Bender as CFO, Pat Sheridan as CRO, and Bryce Hein as CMO.

CISA has officially announced the appointment of Madhu Gottumukkala as its new deputy director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.