VPN related security flaw brings Android JellyBean and KitKat under cyber threat
Another major security flaw has been discovered in the Android OS. The flaw has been detected in the virtual private network of the Android operating systems in the Indian cyberspace. Personal information of the user and details of the phone can be obtained by exploiting this flaw. The flaw has been noticed in the last two versions of Android - version 4.3 (Jelly Bean) and version 4.4 (KitKat). Internet security investigators have been alerting Android users regarding the flaw.
The technology behind VPN is that it's used to extend a private network across a public network like the Internet. Data can be shared across a public network as if it were directly connected to a private network. This is obtained by creating a virtual point-to-point connection and also using security measures such as encryption. Employees of an organisation use such connections to securely connect to their enterprise networks from remote locations through various devices such as laptops, desktops, mobiles and tablets. The Computer Emergency Response Team of India (CERT-In) said that the flaw allows an attacker to bypaas active VPN configuration to redirect the communication to a third party server. Also, attackers can easily obtain un-encrypted communications. The CERT-In team also mentioned that the attacker could also capture information of the affected device such as IMEI number, contacts, SMSes and installed applications.
As for precautions, the CERT-In team has advised users to install updates from original equipment manufactures. There may also be a lot of applications ready to exploit this weakness, hence download and install applications only from trusted sources. Also, install an anti-virus solution on the device. Exercise caution while surfing the internet, do not visit untrusted URLs and avoid clicking on URLs received via an unexpected SMS or email.
In the last month, a similar flaw was also detected by Ben Gurion University's (BGU) Cyber Security Labs. As given in the #-Link-Snipped-#, the researchers have filed a report with Google but have not received a reply back. They also posted a video showing the vulnerability. Watch it here below.
Source: #-Link-Snipped-#
The technology behind VPN is that it's used to extend a private network across a public network like the Internet. Data can be shared across a public network as if it were directly connected to a private network. This is obtained by creating a virtual point-to-point connection and also using security measures such as encryption. Employees of an organisation use such connections to securely connect to their enterprise networks from remote locations through various devices such as laptops, desktops, mobiles and tablets. The Computer Emergency Response Team of India (CERT-In) said that the flaw allows an attacker to bypaas active VPN configuration to redirect the communication to a third party server. Also, attackers can easily obtain un-encrypted communications. The CERT-In team also mentioned that the attacker could also capture information of the affected device such as IMEI number, contacts, SMSes and installed applications.
As for precautions, the CERT-In team has advised users to install updates from original equipment manufactures. There may also be a lot of applications ready to exploit this weakness, hence download and install applications only from trusted sources. Also, install an anti-virus solution on the device. Exercise caution while surfing the internet, do not visit untrusted URLs and avoid clicking on URLs received via an unexpected SMS or email.
In the last month, a similar flaw was also detected by Ben Gurion University's (BGU) Cyber Security Labs. As given in the #-Link-Snipped-#, the researchers have filed a report with Google but have not received a reply back. They also posted a video showing the vulnerability. Watch it here below.
Source: #-Link-Snipped-#
Replies
-
Madhava Verma DantuluriWonderful combination and should be good. -
Jason Estibeiro@#-Link-Snipped-# - I think you commented on the wrong post ...
You are reading an archived discussion.
Related Posts
See The latest Ad from Microsoft...
The advertisement is talking about the wedding planning using a touch screen device. Very bluntly Microsoft used the fact that the would be bride...
CRAZYENGINEERS SHOULD have to hav ea Whatsapp group.., coz now a days there are more people on mobile than computers..!!
As smartphones and tablets evolve, they get faster and gain more useful features. However, there is one place where they are still lagging and that is the battery life. Many...
Skoda India has launched a special edition of Skoda Rapid Ultima and it has started selling through the company's dealerships from 1st of March, 2014. The sedan will available for...
After dual sim phones stopped being cool, it's the time for smartphones with dual operating system. Karbonn mobile, which is currently the fourth largest company in the handset market, has...