The Ben Gurion University security researchers who tangled with Samsung over its KitKat security implementation have posted a follow-up, in which they demonstrate how a malicious app could bypass some VPN protections in Android. Back in December, the university's Cyber Security Labs stated that Samsung's Knox implementation …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 22nd January 2014 02:49 GMT busycoder99

KitKat

is Android 4.4 not 4.3

4 1
Wednesday 22nd January 2014 07:37 GMT Anonymous Coward

" it's important to note that it can only be exploited if a user can be tricked into installing a malicious application."

<irony>

And there's none of those for Android at all, right?

</irony>

5 3
Wednesday 22nd January 2014 19:05 GMT Anonymous Coward

Socks Proxy

So basically all you would been to do was force all traffic over a proxy of some sort (potentially a socks proxy) which you owned regardless of if the traffic transited the vpn or native data connection and hover it all up... simples..

ABP basically does the same on android with a local proxy to block the ads, although your better off manually patching the hosts file if you ask me... anyway moving on.

But honestly who sets up a mobile device to use email service which doesn't use ssl or tls these days...

Essentially all it boils down to is the told the user install x program that then asked for permissions to things it didn't need and the user clicked yes that's fine install...

Bit of a non event if you ask me, now if they had cooked in something like ssl strip to try and snaffle up web traffic as well it would be more interesting.

1 0
1. Thursday 23rd January 2014 00:28 GMT Anonymous Coward
  
  Re: Socks Proxy
  
  "Essentially all it boils down to is the told the user install x program that then asked for permissions to things it didn't need and the user clicked yes that's fine install…"
  
  Yeah I mean no-one ever does that
  
  0 0

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

Israeli Android researchers demo VPN vulnerability

COMMENTS

KitKat

Socks Proxy

Re: Socks Proxy

Other stories you might like

Google will delete data collected from 'private' browsing

Google sues app devs, claims they're Play Store crypto scammers with 100k+ victims

Google bakes new cookie strategy that will leave crooks with a bad taste

Google's AI-powered search results are loaded with spammy, scammy garbage

Google ponders making AI search a premium option

Microsoft's playdate in Google's Privacy Sandbox gets messy

Miscreants are exploiting enterprise tech zero days more and more, Google warns

In-app browsers are still a privacy, security, and choice problem

Happy 20th birthday Gmail, you're mostly grown up – now fix the spam

Why France this week fined Google €250M over web news

Google is wrong to put AI search features behind paywall, says HPC leader

Rust developers at Google are twice as productive as C++ teams

About Us

Our Websites

Your Privacy