Security researchers from Ben Gurion University have discovered a major exploit in Android 4.3 that can be used by malicious applications to bypass a VPN connection, and reroute the traffic to another network address as plain, readable text.
The Cyber Security Labs at Ben Gurion University have found and extensively tested a major security flaw in the Android operating system. Using a simple exploit, the vulnerability can allow malicious applications to bypass a VPN (Virtual Private Network) connection initiated by the user, and reroute the traffic to a different address.
The information can then be picked up by a packet sniffer as a completely unencrypted, plain text payload.
The researchers previewed the vulnerability in a YouTube video, clearly demonstrating the compromised plain contents of an email sent over a VPN on a Samsung Galaxy S4 running Android 4.3.
VPNs are often used in corporate and academic environments as a safe way to access private networks across the Internet. By their nature, the information sent to and from VPNs tends to be highly sensitive and confidential, and is encrypted along the way.
The Ben Gurion report notes that the computer sniffing out data was connected to the same network as the infected phone. However, the VPN was configured correctly, and traffic should not have been going to the machine at all, nor should it have been readable as plain text in any case.
The report also notes, however, that while TLS/SSL traffic can be intercepted through this method, it remains encrypted and cannot be read. Therefore, secure sockets connections such as HTTPS do not seem to be compromised by this exploit.
The researchers submitted information to Google on the seventeenth of January, and have not, as of yet, received a response.
The vulnerability was tested on multiple Android devices from different vendors, eliminating the possibility that the exploit is limited to a single device or manufacturer. The researchers have not yet verified whether the exploit works on Android 4.4 KitKat, though they are continuing to investigate.