The Ben-Gurion University of the Negev security researchers from Israel, has reported that they have discovered vulnerability exclusively in the Android KitKat mobile that allows certain malicious applications to implement an attacker controlled system, which forces more traffic by controlling the VPN Connection.
The researchers from the Ben-Gurion University’s Cyber Security Labs revealed on January 17th that this vulnerability affected the devices with the Android 4.3 Jelly Bean version and with more investigation they were able to find that this affected even the Operation System of the latest wonder version of Android KitKat.
VPN technology is usually used for creating a tunnel that is encrypted in to a public internet over the private network. VPN Connections are used by Companies for their workers to connect securely to networks even from certain locations. Ben-Gurion University researchers reported in the blog post that the communications processes are captured by the applications that are malicious and exposing by dropping information.
The researchers were concerned that the vulnerability affects even the Samsung KNOX security system. As we all know this is a hardened version designed exclusively by Android for complete security, which were exclusively used in enterprises for maximum protection. Any app running in the unsafe conditions of the KNOX Android devices can easily exploit and create changes in the network configuration. This change will eventually allow the malicious attackers to obstruct any communications from secured origin.
Samsung announced that the exploit has capacity to convert the legitimate functionalities of Android network in a unintended manner. The research demonstrates a MitM attack that happens at any network area that can be stimulated using the VPN solutions. And this condition can be made less severe by securing the protocols of data transport such as the SSL.
This response from the Samsung made the researchers to further investigate about the issue that allowed them to discover about the bypass done by the VPN. In their first report the researchers had discovered and shared the details about the vulnerability that was able to alter, block and intercept the communications data.
And according to the latest report issued last Thursday via a blog post, the researchers once again confirmed this vulnerability has power to attack and generate insecurity in various other forms as well; thus causing more hazardous effects to your device. But this vulnerability cannot be used by applications with encrypted traffic data. It is therefore essential to find ways to safeguard Android KitKat and other similar versions from the MitM attack.