Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Android Encryption Security

VPN Encryption Vulnerability On Android 77

Posted by Soulskill
from the avoid-those-malicious-apps dept.
An anonymous reader writes "Cyber security labs at Ben Gurion University have uncovered a network vulnerability on Android devices which has serious implications for users of VPNs. This vulnerability enables malicious apps to bypass active VPN configuration (no root permissions required) and redirect secure data communications to a different network address. These communications are captured in clear text (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."
This discussion has been archived. No new comments can be posted.

VPN Encryption Vulnerability On Android

Comments Filter:
  • by Anonymous Coward on Saturday January 18, 2014 @11:57AM (#45998543)

    Or, just don't depend on the embedded Android VPN and move to a MicroVPN that does not use the Native VPN client. Citrix Netscaler and other SSL VPN venders offer this and it has much better battery life and device performance in general since you are not using a fat client app.

  • by nurb432 (527695) on Saturday January 18, 2014 @01:03PM (#45999033) Homepage Journal

    And is grounds for termination on the spot. Circumvention of corporate resources is frowned upon.

    Sure MDM isn't *perfect* ( same as "everything is vulnerable"... ) but it goes a long way to prevent people from doing wrong things, and goes even further to help catch them doing it.

    Now, that out of the way, some vendor's MDM is far better than others, sounds like you have been involved with the 'not as better' group.

Real Users find the one combination of bizarre input values that shuts down the system for days.