CrazyEngineers Archive
Old, but evergreen and popular discussions on CrazyEngineers, presented to you in read-only mode.
@Jason Estibeiro • 02 Mar, 2014 • 6 likes
Another major security flaw has been discovered in the Android OS. The flaw has been detected in the virtual private network of the Android operating systems in the Indian cyberspace. Personal information of the user and details of the phone can be obtained by exploiting this flaw. The flaw has been noticed in the last two versions of Android - version 4.3 (Jelly Bean) and version 4.4 (KitKat). Internet security investigators have been alerting Android users regarding the flaw.

The technology behind VPN is that it's used to extend a private network across a public network like the Internet. Data can be shared across a public network as if it were directly connected to a private network. This is obtained by creating a virtual point-to-point connection and also using security measures such as encryption. Employees of an organisation use such connections to securely connect to their enterprise networks from remote locations through various devices such as laptops, desktops, mobiles and tablets. The Computer Emergency Response Team of India (CERT-In) said that the flaw allows an attacker to bypaas active VPN configuration to redirect the communication to a third party server. Also, attackers can easily obtain un-encrypted communications. The CERT-In team also mentioned that the attacker could also capture information of the affected device such as IMEI number, contacts, SMSes and installed applications.


As for precautions, the CERT-In team has advised users to install updates from original equipment manufactures. There may also be a lot of applications ready to exploit this weakness, hence download and install applications only from trusted sources. Also, install an anti-virus solution on the device. Exercise caution while surfing the internet, do not visit untrusted URLs and avoid clicking on URLs received via an unexpected SMS or email.

In the last month, a similar flaw was also detected by Ben Gurion University's (BGU) Cyber Security Labs. As given in the report, the researchers have filed a report with Google but have not received a reply back. They also posted a video showing the vulnerability. Watch it here below.

Source: Times of India
@Madhava Verma Dantuluri • 02 Mar, 2014 Wonderful combination and should be good.
@Jason Estibeiro • 02 Mar, 2014 @Madhava Verma Dantuluri - I think you commented on the wrong post ...

Related Posts

@Ankita Katdare · Jul 25, 2015

Inspired from the several discussions going on CrazyEngineers about business ideas for electrical engineers, I thought we should have one for civil engineers as well. A lot of engineers from...

@Gjnitp · May 17, 2008

hello to everybody, This is G J Nithya Shankari.I just want some tips regarding presentations and projects😒😒😒. What are the basic things to be learned before starting paper presentations? what...

@N.Gowtham Raj · Mar 2, 2011

Hi friends.... Pls help me out to find the cutting force calculations for a drilling machine and the calculations for design of lead screw......

@Whats In Name · Sep 21, 2010

What can be the disadvantages of swapping in the operating system?

@veera s kamesh · Aug 2, 2012

I want to do project on this topic . is it useful? I have no idea on how to do this . I am totally depending on this social network...