VPN Encryption Vulnerability On Android

Posted by Soulskill on Saturday January 18, 2014 @03:30AM from the avoid-those-malicious-apps dept.

An anonymous reader writes "Cyber security labs at Ben Gurion University have uncovered a network vulnerability on Android devices which has serious implications for users of VPNs. This vulnerability enables malicious apps to bypass active VPN configuration (no root permissions required) and redirect secure data communications to a different network address. These communications are captured in clear text (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

2 of 77 comments (clear)

Min score:

Reason:

Sort:

black listing all androids in 5..4..3..2..1 by Anonymous Coward · 2014-01-18 03:41 · Score: 0, Funny

I am going to need to update our companies VPN black list to include all android devices. End of story. Problem solution.
Whew by oodaloop · 2014-01-18 04:19 · Score: 4, Funny

Good thing I don't use a VPN on my android phone! I might have been exposing my data!

--
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.