VPN vulnerability in Android devices allows intercept communications

Israeli Security researchers discovered an Android security flaw to bypass active VPN configurations and intercept secure communications.

A new alleged flaw in Android mobile could harm user’s privacy over VPN. Israeli security researchers from the Ben Gurion University (BGU), the same that discovered a few weeks ago a vulnerability in the Samsung Knox platform, have uncovered a new flaw in the Android OS. They discovered a vulnerability that allowed them to bypass active VPN configurations and intercept secure communications.
As explained by the researchers, an attacker doesn’t need root permissions to eavesdrop data transmissions in stealth way. The researchers

“This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.” wrote BGU member Dudu Mimran.

The experts have tested the vulnerability on several Android devices from various vendors, they also provided a video POC to demonstrate how simple is the traffic eavesdropping.

“SSL/TLS traffic can be also captured with this exploit but the content stays encrypted and not in clear text. ” confirmed the researchers.

As remarked in the post the tests have been performed on a properly configured VPN with WI-Fi connections, and an attacker’s PC connected on the same network as the targeted Smartphone.

The vulnerability has been reported to Google, I’m curious to see the reply of its security team, in the last week security team at Samsung refused to consider the bug on Knox as a vulnerability.

BGU researchers noted that the attack against VPN users is different from the one targeting the Samsung Knox.

Pierluigi Paganini

(Security Affairs – Android, VPN)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.