A VPN bypass flaw discovered in Android devices allows malicious apps to pass through a VPN and redirect data....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Until a patch is released, how can I stop this from happening?
Researchers at the Cyber Security Labs at Ben Gurion University recently discovered a flaw in Android KitKat 4.4 that allows malicious apps to redirect secure data that is being sent over a VPN. Data is redirected before it is encrypted and can be intercepted and sent to a malicious network address. While researchers released a video to demonstrate their findings, details of the exploit and vulnerability weren't publically released.
This flaw appears to be a type of man-in-the-middle attack, which can be accomplished in several different ways such as ARP spoofing, DNS hijacking, BGP hijacking or man-in-the-browser attacks. Each of these and the VPN bypass flaw enable an attacker to redirect data. Additionally, some systems allow for routes, ARP tables, static DNS entries and so on, to be manually updated by a user, which could all have a similar effect as this attack. They all allow an authorized or unauthorized person to redirect IP connections before the data goes over the encryption VPN tunnel; this would allow an attacker to capture passwords or other sensitive data.
While there does appear to be a security weakness in how the Android system is configured for making updates to the network and VPN configurations, Google and Samsung collaborated on a response to the flaw, claiming it is not a vulnerability but "an unintended way to intercept unencrypted network connections."
To protect vulnerable Android devices until a patch or secure configuration is released, your enterprise should prohibit employees from installing unapproved apps. In addition, use a mobile device management product to detect when unapproved apps are installed or configuration changes are made on the system. Enterprises should also ensure that they are using application-layer encryption to help protect against these types of attacks.
While a patch was released by Google to address the flaw, it is never advised that an enterprise wait for the patch since an update is dependent on the mobile carriers, and mobile carriers are not very quick at pushing patches, nor do they have defined patching cycles. Therefore, putting precautionary enterprise measures in place is critical to keeping devices safe whenever a flaw is found.
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.