CrazyEngineers
  • VPN related security flaw brings Android JellyBean and KitKat under cyber threat

    Jason Estibeiro

    Jason Estibeiro

    @jason-IQjfPQ
    Updated: Oct 24, 2024
    Views: 1.9K
    Another major security flaw has been discovered in the Android OS. The flaw has been detected in the virtual private network of the Android operating systems in the Indian cyberspace. Personal information of the user and details of the phone can be obtained by exploiting this flaw. The flaw has been noticed in the last two versions of Android - version 4.3 (Jelly Bean) and version 4.4 (KitKat). Internet security investigators have been alerting Android users regarding the flaw.

    The technology behind VPN is that it's used to extend a private network across a public network like the Internet. Data can be shared across a public network as if it were directly connected to a private network. This is obtained by creating a virtual point-to-point connection and also using security measures such as encryption. Employees of an organisation use such connections to securely connect to their enterprise networks from remote locations through various devices such as laptops, desktops, mobiles and tablets. The Computer Emergency Response Team of India (CERT-In) said that the flaw allows an attacker to bypaas active VPN configuration to redirect the communication to a third party server. Also, attackers can easily obtain un-encrypted communications. The CERT-In team also mentioned that the attacker could also capture information of the affected device such as IMEI number, contacts, SMSes and installed applications.

    android

    As for precautions, the CERT-In team has advised users to install updates from original equipment manufactures. There may also be a lot of applications ready to exploit this weakness, hence download and install applications only from trusted sources. Also, install an anti-virus solution on the device. Exercise caution while surfing the internet, do not visit untrusted URLs and avoid clicking on URLs received via an unexpected SMS or email.

    In the last month, a similar flaw was also detected by Ben Gurion University's (BGU) Cyber Security Labs. As given in the #-Link-Snipped-#, the researchers have filed a report with Google but have not received a reply back. They also posted a video showing the vulnerability. Watch it here below.


    Source: #-Link-Snipped-#
    0
    Replies
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
Replies
  • Madhava Verma Dantuluri

    MemberMar 2, 2014

    Wonderful combination and should be good.
    Are you sure? This action cannot be undone.
    Cancel
  • Jason Estibeiro

    MemberMar 2, 2014

    @#-Link-Snipped-# - I think you commented on the wrong post ...
    Are you sure? This action cannot be undone.
    Cancel
Home Channels Search Login Register