Blocking VPN bypass flaws and malicious apps on Android

Expert Nick Lewis explains how to avoid a detrimental VPN bypass flaw that allows malicious apps to infiltrate Android devices.

A VPN bypass flaw discovered in Android devices allows malicious apps to pass through a VPN and redirect data. Until a patch is released, how can I stop this from happening?

Researchers at the Cyber Security Labs at Ben Gurion University recently discovered a flaw in Android KitKat 4.4 that allows malicious apps to redirect secure data that is being sent over a VPN. Data is redirected before it is encrypted and can be intercepted and sent to a malicious network address. While researchers released a video to demonstrate their findings, details of the exploit and vulnerability weren't publicly released.

This flaw appears to be a type of man-in-the-middle attack, which can be accomplished in several different ways, such as ARP spoofing, DNS hijacking, BGP hijacking or man-in-the-browser attacks. Each of these, like the VPN bypass flaw, enables an attacker to redirect data. Additionally, some systems allow routes, ARP tables, static DNS entries and so on to be manually updated by a user, which could have a similar effect to this attack. All of these allow an authorized or unauthorized person to redirect IP connections before the data goes over the encrypted VPN tunnel, which would allow an attacker to capture passwords or other sensitive data.

While there does appear to be a security weakness in how the Android system is configured for making updates to the network and VPN configurations, Google and Samsung collaborated on a response to the flaw, claiming it is not a vulnerability but "an unintended way to intercept unencrypted network connections."

To protect vulnerable Android devices until a patch or secure configuration is released, your enterprise should prohibit employees from installing unapproved apps. In addition, use a mobile device management product to detect when unapproved apps are installed or configuration changes are made on the system. Enterprises should also ensure that they are using application-layer encryption to help protect against these types of attacks.

While a patch was released by Google to address the flaw, it is never advisable for an enterprise to wait for the patch, since an update depends on the mobile carriers, which are not very quick at pushing patches and do not have defined patching cycles. Therefore, putting precautionary enterprise measures in place is critical to keeping devices safe whenever a flaw is found.
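The recommendation above to detect unapproved apps can be approximated without a full mobile device management product by auditing a device's third-party package list against an allowlist. The following is an added example, not code from the author or from any MDM vendor; the package names, the allowlist and the sample output (in the format printed by `adb shell pm list packages -3 -i`) are constructed for illustration.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i` output (not from a real device).
SAMPLE_OUTPUT = """\
package:com.example.mail  installer=com.android.vending
package:com.example.vpnclient  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.android.vending
"""

# Hypothetical enterprise allowlist and trusted installer sources (assumptions).
APPROVED = {"com.example.mail", "com.example.vpnclient"}
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?$")

def parse_packages(text):
    """Return {package: installer or None}; lines that do not match are skipped."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        inst = m.group("inst")
        # pm prints "installer=null" for sideloaded or adb-installed apps.
        found[m.group("pkg")] = None if inst in (None, "null") else inst
    return found

def audit(text, approved=APPROVED, trusted=TRUSTED_INSTALLERS):
    """List unapproved apps; those from an untrusted installer rank first."""
    findings = []
    for pkg, inst in parse_packages(text).items():
        if pkg in approved:
            continue
        severity = "medium" if inst in trusted else "high"
        findings.append({"package": pkg, "installer": inst, "severity": severity})
    findings.sort(key=lambda f: (f["severity"] != "high", f["package"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_OUTPUT):
        print(f"{f['severity']:6} {f['package']} (installer: {f['installer']})")
```

Running the audit on a schedule and comparing results between runs also surfaces newly installed apps, which is the change-detection half of the recommendation.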


This was first published in July 2014
