Latest security flaw found in Android operating system . This vulnerability was discovered by a group of researchers at Ben Gurion University , Israel . In their latest findings , it was revealed that the flow of data traffic on an Android device can be stolen through a virtual private network ( VPN ) .
Related holes in the network security system in Android allows malicious applications to intercept and divert a VPN connection to a different server . Similarly, as reported by Android Authority , on Tuesday ( 01/21/2014 ) .
The server can fully control all data sent from Android device via a VPN connection . Typically , a VPN network is protected by encryption method . However, because of the bug , the data obtained on the false goals so unencrypted .
From the findings of this vulnerability , there is bad news and the good . The bad news , this weakness can occur in all Android devices and can be performed without requiring root access .
The code to intercept this data can be embedded in any application . Once the application is run , owned a VPN connection is not safe anymore . Testing for Android 4.3 and Android 4.4 KitKat still running .
The good news is , to insert the malicious code , required applications installed on Android devices . Without these malicious applications , VPN path can not be transferred . Because of this , Android users are encouraged to download the app from the Google Play Store in order to reduce risk .
Details regarding this security hole has not been revealed by researchers at Ben Gurion University . However , they stated that the traffic flow SSL / TLS encrypted remains safe , despite the malicious program has been infiltrated .
Thus , if Android users using services such as e - mails which encrypts all data traffic , then the user data will remain protected , even if the VPN has been intercepted .
Related holes in the network security system in Android allows malicious applications to intercept and divert a VPN connection to a different server . Similarly, as reported by Android Authority , on Tuesday ( 01/21/2014 ) .
The server can fully control all data sent from Android device via a VPN connection . Typically , a VPN network is protected by encryption method . However, because of the bug , the data obtained on the false goals so unencrypted .
From the findings of this vulnerability , there is bad news and the good . The bad news , this weakness can occur in all Android devices and can be performed without requiring root access .
The code to intercept this data can be embedded in any application . Once the application is run , owned a VPN connection is not safe anymore . Testing for Android 4.3 and Android 4.4 KitKat still running .
The good news is , to insert the malicious code , required applications installed on Android devices . Without these malicious applications , VPN path can not be transferred . Because of this , Android users are encouraged to download the app from the Google Play Store in order to reduce risk .
Details regarding this security hole has not been revealed by researchers at Ben Gurion University . However , they stated that the traffic flow SSL / TLS encrypted remains safe , despite the malicious program has been infiltrated .
Thus , if Android users using services such as e - mails which encrypts all data traffic , then the user data will remain protected , even if the VPN has been intercepted .
No comments:
Post a Comment