A VPN bypass flaw discovered in Android devices allows malicious apps to pass through a VPN and redirect data. Until a patch is released, how can I stop this from happening?
Researchers at the Cyber Security Labs at Ben Gurion University recently discovered a flaw in Android KitKat 4.4 that allows malicious apps to redirect secure data that is being sent over a VPN. Data is redirected before it is encrypted, so it can be intercepted and sent to a malicious network address. While the researchers released a video to demonstrate their findings, details of the exploit and vulnerability weren't publicly released.
This flaw appears to be a type of man-in-the-middle attack, which can be accomplished in several different ways, such as ARP spoofing, DNS hijacking, BGP hijacking or man-in-the-browser attacks. Each of these, like the VPN bypass flaw, enables an attacker to redirect data. Additionally, some systems allow routes, ARP tables, static DNS entries and so on to be manually updated by a user, which could have a similar effect to this attack. All of them allow an authorized or unauthorized person to redirect IP connections before the data enters the encrypted VPN tunnel, which would let an attacker capture passwords or other sensitive data.
While there does appear to be a security weakness in how the Android system is configured for making updates to the network and VPN configurations, Google and Samsung collaborated on a response to the flaw, claiming it is not a vulnerability but "an unintended way to intercept unencrypted network connections."
To protect vulnerable Android devices until a patch or secure configuration is released, your enterprise should prohibit employees from installing unapproved apps. In addition, use a mobile device management product to detect when unapproved apps are installed or configuration changes are made on the system. Enterprises should also ensure that they are using application-layer encryption to help protect against these types of attacks.
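Because every variant above works by steering traffic around the tunnel (a changed default route, an injected more-specific route, or a swapped DNS resolver), an MDM-style check can compare the device's routing and resolver state against a known-good baseline. The following is an added example, not code from the original answer or from any vendor product; the interface name tun0, the VPN server address, the baseline routes and the sample table are all constructed assumptions.

```python
import ipaddress

VPN_IFACE = "tun0"            # assumed name of the VPN tunnel interface
BASELINE = {                  # assumed routes that legitimately avoid the tunnel
    ("203.0.113.10/32", "wlan0"),   # host route to the VPN server itself
    ("192.168.1.0/24", "wlan0"),    # the local Wi-Fi subnet
}
EXPECTED_DNS = {"10.8.0.1"}   # assumed resolver pushed by the VPN

def parse_routes(text):
    """Turn 'ip route' style output into (destination CIDR, interface) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dest = ipaddress.ip_network(dest, strict=False).with_prefixlen
        iface = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((dest, iface))
    return routes

def audit_routes(routes):
    """Report routes that would carry traffic around the VPN tunnel."""
    findings = []
    defaults = [iface for dest, iface in routes if dest == "0.0.0.0/0"]
    if defaults != [VPN_IFACE]:
        findings.append("default route does not go via %s" % VPN_IFACE)
    for dest, iface in routes:
        if dest == "0.0.0.0/0" or iface == VPN_IFACE:
            continue
        if (dest, iface) not in BASELINE:
            findings.append("route %s via %s bypasses the tunnel" % (dest, iface))
    return findings

def audit_dns(resolvers):
    """Report resolvers that differ from the ones the VPN is expected to push."""
    return ["unexpected DNS resolver %s" % r for r in resolvers if r not in EXPECTED_DNS]

# Constructed sample: a healthy table plus one injected 10.0.0.0/8 route that
# steers corporate-network traffic out the Wi-Fi link instead of the tunnel.
SAMPLE_ROUTES = """
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.20
10.0.0.0/8 via 192.168.1.1 dev wlan0
"""
SAMPLE_DNS = ["10.8.0.1", "198.51.100.53"]  # second resolver is the injected one

if __name__ == "__main__":
    for finding in audit_routes(parse_routes(SAMPLE_ROUTES)) + audit_dns(SAMPLE_DNS):
        print("ALERT:", finding)
```

On a managed device the same functions can be fed the live output of `ip route` and the active resolver list, and any finding treated as a configuration change worth alerting on.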
While Google did release a patch to address the flaw, an enterprise should never simply wait for a patch, since delivery depends on the mobile carriers, which are not quick to push patches and have no defined patching cycles. Therefore, putting precautionary enterprise measures in place is critical to keeping devices safe whenever a flaw is found.
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)