As part of our ongoing mobile security research we have uncovered a network vulnerability on Android devices which has serious implications for users who rely on a VPN. This vulnerability enables malicious apps to bypass an active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. The redirection can take place without the user noticing anything, so the user continues to believe the data is encrypted and secure.
In this video we demonstrate the vulnerability via the following steps:
- We present a regular Android device (in this case it is the popular Samsung S4 device). Behind it we display a screen with a packet capturing tool, showing the traffic that flows through that computer.
- Now the user runs the malicious app and clicks on the Exploit button which takes advantage of the vulnerability in the phone’s system.
- The user then navigates the menu to the phone’s network settings and activates the VPN. In the video it is easy to see that the user verifies that the VPN is active.
- The user then opens an email client (the system default) and sends an email with the word "security" in the subject line.
- We immediately see that some information has been captured on the computer where the detection tool is running. It is important to stress again that no communications were supposed to pass through this computer in the first place.
- In the video we can clearly see the SMTP (mail protocol) packets. The data of the communications protocol is analyzed and then we can see the whole mail including its “secret” subject in clear text.
Video property of Cyber Security Labs
Be sure to hit the link below to read the rest of their write-up.
Source: Cyber Security Labs