Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Android Encryption Security

VPN Encryption Vulnerability On Android 77

Posted by Soulskill
from the avoid-those-malicious-apps dept.
An anonymous reader writes "Cyber security labs at Ben Gurion University have uncovered a network vulnerability on Android devices which has serious implications for users of VPNs. This vulnerability enables malicious apps to bypass active VPN configuration (no root permissions required) and redirect secure data communications to a different network address. These communications are captured in clear text (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."
This discussion has been archived. No new comments can be posted.

VPN Encryption Vulnerability On Android

Comments Filter:
  • by Anonymous Coward on Saturday January 18, 2014 @10:57AM (#45998543)

    Or, just don't depend on the embedded Android VPN and move to a MicroVPN that does not use the Native VPN client. Citrix Netscaler and other SSL VPN venders offer this and it has much better battery life and device performance in general since you are not using a fat client app.

  • by nurb432 (527695) on Saturday January 18, 2014 @12:03PM (#45999033) Homepage Journal

    And is grounds for termination on the spot. Circumvention of corporate resources is frowned upon.

    Sure MDM isn't *perfect* ( same as "everything is vulnerable"... ) but it goes a long way to prevent people from doing wrong things, and goes even further to help catch them doing it.

    Now, that out of the way, some vendor's MDM is far better than others, sounds like you have been involved with the 'not as better' group.

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984

Working...