U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

VPN vulnerability in Android devices allows intercept communications

Israeli Security researchers discovered an Android security flaw to bypass active VPN configurations and intercept secure communications. A new alleged flaw in Android mobile could harm user’s privacy over VPN. Israeli security researchers from the Ben Gurion University (BGU), the same that discovered a few weeks ago a vulnerability in the Samsung Knox platform, have […]

VPN vulnerability in Android devices allows intercept communications

Israeli Security researchers discovered an Android security flaw to bypass active VPN configurations and intercept secure communications.

A new alleged flaw in Android mobile could harm user’s privacy over VPN. Israeli security researchers from the Ben Gurion University (BGU), the same that discovered a few weeks ago a vulnerability in the Samsung Knox platform, have uncovered a new flaw in the Android OS. They discovered a vulnerability that allowed them to bypass active VPN configurations and intercept secure communications.
As explained by the researchers, an attacker doesn’t need root permissions to eavesdrop data transmissions in stealth way. The researchers

“This vulnerability enables malicious apps  to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”  wrote BGU member Dudu Mimran.

The experts have tested the vulnerability on several Android devices from various vendors, they also provided a video POC to demonstrate how simple is the traffic eavesdropping.

VPN Android flaw 2

“SSL/TLS traffic can be also captured with this exploit but the content stays encrypted and not in clear text. ” confirmed the researchers.

As remarked in the post the tests have been performed on a properly configured VPN with WI-Fi connections, and an attacker’s PC connected on the same network as the targeted Smartphone.

The vulnerability has been reported to Google, I’m curious to see the reply of its security team, in the last week security team at Samsung refused to consider the bug on Knox as a vulnerability.

BGU researchers noted that the attack against VPN users is different from the one targeting the Samsung Knox.

Pierluigi Paganini

(Security Affairs –  Android, VPN)