Security analysts at Ben Gurion University in Israel have revealed a vulnerability in Android units that may allow an attacker to circumvent VPN configurations to intercept what are intended as secure communications.
“This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address,” the researchers said.
“These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”
The group has created a video to demonstrate the vulnerability actually in operation in which they use Wireshark, a packet capturing tool intercept the VPN communications in plain text:
“This vulnerability is similar to the previous vulnerability we’ve disclosed to Samsung (two weeks ago) by the fact that both of them work in a similar manner while the difference among them is the exploit target. See more info on the previous story WSJ. A detailed report on the original disclosure process will be provided soon via this blog,” the researchers added in an post.
The researchers alerted Google’s Android security team and supplied information on the vulnerability and exploit, and will also be posting further updates when they are released.