A new alleged flaw in Android mobile could harm user’s privacy over VPN. Israeli security researchers from the Ben Gurion University (BGU), the same that discovered a few weeks ago a vulnerability in the Samsung Knox platform, have uncovered a new flaw in the Android OS. They discovered a vulnerability that allowed them to bypass active VPN configurations and intercept secure communications.
As explained by the researchers, an attacker doesn’t need root permissions to eavesdrop data transmissions in stealth way. The researchers
“This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.” wrote BGU member Dudu Mimran.
The experts have tested the vulnerability on several Android devices from various vendors, they also provided a video POC to demonstrate how simple is the traffic eavesdropping.
“SSL/TLS traffic can be also captured with this exploit but the content stays encrypted and not in clear text. ” confirmed the researchers.
As remarked in the post the tests have been performed on a properly configured VPN with WI-Fi connections, and an attacker’s PC connected on the same network as the targeted Smartphone.
The vulnerability has been reported to Google, I’m curious to see the reply of its security team, in the last week security team at Samsung refused to consider the bug on Knox as a vulnerability.
BGU researchers noted that the attack against VPN users is different from the one targeting the Samsung Knox.
(Security Affairs – Android, VPN)