VPN Encryption Vulnerability On Android

An anonymous reader writes "Cyber security labs at Ben Gurion University have uncovered a network vulnerability on Android devices which has serious implications for users of VPNs. This vulnerability enables malicious apps to bypass active VPN configuration (no root permissions required) and redirect secure data communications to a different network address. These communications are captured in clear text (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

Re:black listing all androids in 5..4..3..2..1

[nurb432]

Better blacklist windows, apple, blackberry, desktops, laptops.... Everything is vulnerable. Even your users. Its how you mitigate the ongoing risk that separates the men from the boys.

If you are competent enough to use MDM on your mobile devices then your end users wouldn't be installing non-approved apps anyway so they would be at minimal risk of exposure to this. If you are not, then you are just a clueless blow-hard moron and don't deserve to be in your position..