The researchers from Ben Gurion University who first discovered the Samsung Galaxy Knox vulnerability are at it again, exposing more holes and problems for the fledgling Android security platform.
This time they’ve come forward with details about a new VPN exploit, one which could potentially be used to gain unauthorized access to a user’s device without them being any the wiser. By exploiting the app platform in the Google Play Store, students at the university’s Cyber Security Labs have been able to successfully redirect traffic from standard VPN services to an illicit server which could be used to log and analyze the traffic from a remote location.
In a statement to The Register, the head of the department expressed his disappointment in the supposedly secure mobile OS.
“This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed.”
As of yet the researchers haven’t published the exact method they used to crack the phone’s code, but have informed us they are in talks with Google’s security team regarding the issue and that the problem should be patched shortly.
To avoid these types of programs and prevent them from affecting your device, never download any applications or software that you don’t explicitly recognize beforehand, and always be sure to run the latest VPN updates from your preferred provider.