Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Mobile Security

VPN Encryption Vulnerability On Android Reveals plain-text

Paul Anderson by Paul Anderson
January 20, 2014 - Updated on May 17, 2022
in Mobile Security
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Security analysts at Ben Gurion University in Israel have revealed a vulnerability in Android units that may allow an attacker to circumvent VPN configurations to intercept what are intended as secure communications.

You might also like

Android is getting firmware level security improvements

New iOS and iPadOS update pushed to fix zero-day bugs

Are Bluetooth signals being used to track smartphones?

“This vulnerability enables malicious apps  to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address,” the researchers said.

“These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”

The group has created a  video to demonstrate the vulnerability actually in operation in which they use Wireshark, a packet capturing tool intercept  the VPN communications in plain text:

“This vulnerability is similar to the previous vulnerability we’ve disclosed to Samsung (two weeks ago) by the fact that both of them work in a similar manner while the difference among them is the exploit target. See more info on the previous story WSJ. A detailed report on the original disclosure process will be provided soon via this blog,” the researchers added in an post.

The researchers alerted Google’s Android security team and supplied information on the vulnerability and exploit, and will also be posting further updates when they are released.

Tags: androidexploitplaintextVirtual private networkvulnerabilityWireshark
Share30Tweet19
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

Android is getting firmware level security improvements

by Paul Anderson
February 22, 2023
0
Android is getting firmware level security improvements

Android is the most widely used mobile operating system in the world, but it is also the most challenging to protect against evolving security threats. Google is working...

Read more

New iOS and iPadOS update pushed to fix zero-day bugs

by Kyle
February 17, 2023 - Updated on February 19, 2023
0
New iOS and iPadOS update pushed to fix zero-day bugs

Cybercriminals and "commercial" spyware developers frequently target iOS devices to carry out surveillance operations, data theft, and other nefarious actions. By identifying a weakness in Apple's iOS WebKit,...

Read more

Are Bluetooth signals being used to track smartphones?

by Christi Rogalski
June 17, 2022
0
Bluetooth research leads to tracking

Can Bluetooth signals be used to track smartphones? Many people would say "No" to this question. However, a team of engineers at the University of California San Diego...

Read more

How Apple Stopped $1.5 billion Worth of Fraudulent Transactions in 2021

by Christi Rogalski
June 8, 2022
0
Apple app store security fraud

Apple has recently released statistics on the number of fraudulent and untrustworthy transactions that have passed through the Apple App Store in 2021. In combination, they have stopped...

Read more

SharkBot – A New Generation Android Banking Trojan

by Kyle
May 27, 2022 - Updated on May 31, 2022
0
SharkBot Android Banking Malware

SharkBot is a "newer" Android banking trojan found recently being distributed on the Google Play Store. The trojan was originally found in October of 2021 by the Cleafy...

Read more
Next Post
Adware companies purchasing Chrome Add-ons

Adware companies purchasing Chrome Add-ons

Related News

Netwire RAT seized by FBI and other worldwide police agencies

Netwire RAT seized by FBI and other worldwide police agencies

March 16, 2023
The Emotet botnet returns and is sending a slew of malicious emails

The Emotet botnet returns and is sending a slew of malicious emails

March 14, 2023
Update-resistant malware infects SonicWall security appliances

Update-resistant malware infects SonicWall security appliances

March 12, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.