Security researchers from the Ben Gurion University (BGU) in Israel have uncovered another Android security issue. They’ve found a way to bypass active VPN configurations and intercept secure communications.
In order to exploit this vulnerability, an attacker doesn’t require root permissions to capture data transmissions. The worst part of it is that there’s nothing that would make victims realize that they’re being attacked.
“[The] communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure,” BGU’s Dudu Mimran noted.
The experts have tested the vulnerability on several Android devices from various vendors. The video POC they made uses a Samsung Galaxy S4.
SSL/TLS traffic can also be intercepted using this attack method, but the content stays encrypted. The experiments have been performed on a properly configured VPN, using Wi-Fi connections, and a computer connected on the same network as the targeted mobile device.
The vulnerability has been reported to Google. It remains to be seen if the search giant classifies this issue as an Android security hole.
A few weeks ago, BGU mobile security researchers claimed to have found a vulnerability impacting the Samsung Knox platform. At the time, Samsung issued an official response saying that the attack exploited legitimate Android network functions in an unintended way for a classic man-in-the-middle attack.
The company noted that the researchers didn’t actually identify a vulnerability in Android or Knox.
Now, BGU researchers clarify that the attack impacting VPN users is different from the one targeting the Samsung Knox platform. Additional technical details on the vulnerability will be made available by the researchers at a later time.