VPN flaw makes Android Jelly Bean and KitKat susceptible to hijacking

Android versions 4.3 and 4.4 have been found to contain a critical flaw in the implementation of the VPN service, which could allow hackers to divert data transferred within the network to third-party servers.

According to the latest security advisory from the Computer Emergency Response Team of India (CERT-In), the flaw, which is present in the Jelly Bean and KitKat flavours of the Android operating system, could allow hackers to bypass the security configuration of a VPN and transmit the data shared within the network to a third-party server.

The advisory also mentions that unencrypted communication within such networks can be intercepted by hackers, effectively defeating the purpose of using a VPN. Israeli security researchers were the first to find the vulnerability while testing Samsung's KNOX enterprise security suite for Android on the Galaxy S4, but later found that it was present on all devices running the mentioned Android versions.

Samsung provided a statement regarding the revelation, saying, "Android development practices encourage (apps to use) SSL/TLS. Where that's not possible Android provides built-in VPN. Use of SSL/TLS would have prevented an attack based on a user-installed local application, (which exploited VPN flaw)." However, as users themselves cannot guarantee whether apps are using sufficient security measures, it would be wise to install trusted apps and exercise caution till Google releases a fix in the near future.

Source: Times of India | Image via PocketNow
