A VPN bypass flaw discovered in Android devices allows malicious apps to pass through a VPN and redirect data....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Until a patch is released, how can I stop this from happening?
Researchers at the Cyber Security Labs at Ben Gurion University recently discovered a flaw in Android KitKat 4.4 that allows malicious apps to redirect secure data that is being sent over a VPN. Data is redirected before it is encrypted and can be intercepted and sent to a malicious network address. While researchers released a video to demonstrate their findings, details of the exploit and vulnerability weren't publically released.
This flaw appears to be a type of man-in-the-middle attack, which can be accomplished in several different ways such as ARP spoofing, DNS hijacking, BGP hijacking or man-in-the-browser attacks. Each of these and the VPN bypass flaw enable an attacker to redirect data. Additionally, some systems allow for routes, ARP tables, static DNS entries and so on, to be manually updated by a user, which could all have a similar effect as this attack. They all allow an authorized or unauthorized person to redirect IP connections before the data goes over the encryption VPN tunnel; this would allow an attacker to capture passwords or other sensitive data.
While there does appear to be a security weakness in how the Android system is configured for making updates to the network and VPN configurations, Google and Samsung collaborated on a response to the flaw, claiming it is not a vulnerability but "an unintended way to intercept unencrypted network connections."
To protect vulnerable Android devices until a patch or secure configuration is released, your enterprise should prohibit employees from installing unapproved apps. In addition, use a mobile device management product to detect when unapproved apps are installed or configuration changes are made on the system. Enterprises should also ensure that they are using application-layer encryption to help protect against these types of attacks.
While a patch was released by Google to address the flaw, it is never advised that an enterprise wait for the patch since an update is dependent on the mobile carriers, and mobile carriers are not very quick at pushing patches, nor do they have defined patching cycles. Therefore, putting precautionary enterprise measures in place is critical to keeping devices safe whenever a flaw is found.
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Malware is increasingly using DNS tunnels to aid in data exfiltration. Expert Nick Lewis explains how the attacks work and how best to defend against...continue reading
Researchers warned about the rise of a new cross-site scripting flaw involving same-origin policy. Expert Nick Lewis explains the vulnerability and ...continue reading
Malware authors are adopting software wrapping to hide malicious code and avoid detection. Expert Nick Lewis explains how to defend against the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.