Home » News » Mobile Phones » CERT-In cautions users of critical VPN flaw in Android Jelly Bean and KitKat

CERT-In cautions users of critical VPN flaw in Android Jelly Bean and KitKat

By Kul Bhushan | Updated on 03-Mar-2014
CERT-In cautions users of critical VPN flaw in Android Jelly Bean and KitKat
Kul Bhushan Kul Bhushan
03 Mar 2014 10:40
HIGHLIGHTS

Are you using your Android's VPN to access your enterprise network? Here's a heads up from the CERT-In.

The Computer Emergency Response Team of India (CERT-In) has cautioned users of a ‘critical flaw’ in Android’s (virtual private network) VPN implementation, mainly affecting v4.3 Jelly Bean and the latest v4.4 KitKat. According to the Internet security sleuths, the flaw could allow an attacker to ‘hijack’ personal data of users.

“A critical flaw has been reported in Android’s Virtual Private Network (VPN) implementation, affecting Android version 4.3 and 4.4 which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications,” the Computer Emergency Response Team of India (CERT-In) said in a latest advisory to users of this network.

VPN technology enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, but with the functionality, security and management policies of the private networks.

According to the CERT-In, the flaw can be used to redirect the VPN traffic “to a different network address” and that its exploitation “could allow attackers to capture entire communication originating from affected device.”

“It is noted that not all applications are encrypting their network communication. Still there is a possibility that attacker could possibly capture sensitive information from the affected device in plain text like email addresses, IMEI number, SMSes, installed applications,” the advisory said.

Cyber experts, however, added this flaw could only lead to capture and viewing the data which is in plain text and Android applications directly connecting to the server using SSL and websites that use ‘https’ in their URL will not be affected.

“Apply appropriate updates from original equipment manufacturer, do not download and install application from untrusted sources, maintain updated mobile security solution or mobile anti-virus solutions on the device, exercise caution while visiting trusted or untrusted URLs and do not click on the URLs received via SMS or email unexpectedly from trusted or received from untrusted users” are some of the countermeasures suggested by the CERT-In to tackle the threat.

Source: ZeeNews

Kul Bhushan

Kul Bhushan

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo