The Ben Gurion University security researchers who tangled with Samsung over its KitKat security implementation have posted a follow-up, in which they demonstrate how a malicious app could bypass some VPN protections in Android. Back in December, the university's Cyber Security Labs stated that Samsung's Knox implementation was …
is Android 4.4 not 4.3
" it's important to note that it can only be exploited if a user can be tricked into installing a malicious application."
And there's none of those for Android at all, right?
So basically all you would been to do was force all traffic over a proxy of some sort (potentially a socks proxy) which you owned regardless of if the traffic transited the vpn or native data connection and hover it all up... simples..
ABP basically does the same on android with a local proxy to block the ads, although your better off manually patching the hosts file if you ask me... anyway moving on.
But honestly who sets up a mobile device to use email service which doesn't use ssl or tls these days...
Essentially all it boils down to is the told the user install x program that then asked for permissions to things it didn't need and the user clicked yes that's fine install...
Bit of a non event if you ask me, now if they had cooked in something like ssl strip to try and snaffle up web traffic as well it would be more interesting.
Re: Socks Proxy
"Essentially all it boils down to is the told the user install x program that then asked for permissions to things it didn't need and the user clicked yes that's fine install…"
Yeah I mean no-one ever does that
- Vid Antarctic ice THICKER than first feared – penguin-bot boffins
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Antique Code Show World of Warcraft then and now: From Orcs and Humans to Warlords of Draenor