A VPN bypass flaw discovered in Android devices allows malicious apps to pass through a VPN and redirect data....
Until a patch is released, how can I stop this from happening?
Researchers at the Cyber Security Labs at Ben Gurion University recently discovered a flaw in Android KitKat 4.4 that allows malicious apps to redirect secure data that is being sent over a VPN. Data is redirected before it is encrypted and can be intercepted and sent to a malicious network address. While researchers released a video to demonstrate their findings, details of the exploit and vulnerability weren't publically released.
This flaw appears to be a type of man-in-the-middle attack, which can be accomplished in several different ways such as ARP spoofing, DNS hijacking, BGP hijacking or man-in-the-browser attacks. Each of these and the VPN bypass flaw enable an attacker to redirect data. Additionally, some systems allow for routes, ARP tables, static DNS entries and so on, to be manually updated by a user, which could all have a similar effect as this attack. They all allow an authorized or unauthorized person to redirect IP connections before the data goes over the encryption VPN tunnel; this would allow an attacker to capture passwords or other sensitive data.
While there does appear to be a security weakness in how the Android system is configured for making updates to the network and VPN configurations, Google and Samsung collaborated on a response to the flaw, claiming it is not a vulnerability but "an unintended way to intercept unencrypted network connections."
To protect vulnerable Android devices until a patch or secure configuration is released, your enterprise should prohibit employees from installing unapproved apps. In addition, use a mobile device management product to detect when unapproved apps are installed or configuration changes are made on the system. Enterprises should also ensure that they are using application-layer encryption to help protect against these types of attacks.
While a patch was released by Google to address the flaw, it is never advised that an enterprise wait for the patch since an update is dependent on the mobile carriers, and mobile carriers are not very quick at pushing patches, nor do they have defined patching cycles. Therefore, putting precautionary enterprise measures in place is critical to keeping devices safe whenever a flaw is found.
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.