VPN Encryption Vulnerability On Android 77
An anonymous reader writes "Cyber security labs at Ben Gurion University have uncovered a network vulnerability on Android devices which has serious implications for users of VPNs. This vulnerability enables malicious apps to bypass active VPN configuration (no root permissions required) and redirect secure data communications to a different network address. These communications are captured in clear text (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."
Re: black listing all androids in 5..4..3..2..1 (Score:2, Interesting)
Or, just don't depend on the embedded Android VPN and move to a MicroVPN that does not use the Native VPN client. Citrix Netscaler and other SSL VPN venders offer this and it has much better battery life and device performance in general since you are not using a fat client app.
"trivially by passed by end users" (Score:4, Interesting)
And is grounds for termination on the spot. Circumvention of corporate resources is frowned upon.
Sure MDM isn't *perfect* ( same as "everything is vulnerable"... ) but it goes a long way to prevent people from doing wrong things, and goes even further to help catch them doing it.
Now, that out of the way, some vendor's MDM is far better than others, sounds like you have been involved with the 'not as better' group.