In a study that will send a shiver down the spine of many savvy web users, researchers at Ben-Gurion University in Israel have discovered that the popular Android operating system has a serious flaw, which could allow third parties to dodge the security offered by major VPN providers. Snoopers exploiting the vulnerability would apparently then have no trouble reading web users’ private, supposedly encrypted communications.
Dudu Mimran, a staffer at BGU, spelled out the bad news for web users, saying that the Android security flaw enabled “malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address.” Furthermore, according to Mimran, the snagged communications are displayed to tricksters as plain text (unencrypted).
Following the initial revelations by Mimran and his colleagues at BGU, further investigation has revealed that the specific flaw affects a range of the latest and greatest Android smartphones, and also that there is no VPN provider that currently offers users any real protection. In other words, regardless of whether you have set up your VPN correctly, a determined hacker using the same wireless hotspot could easily grab your communications and read them.
Perhaps the only good news at the present time for users of VPNs on Android is that hackers wanting to exploit the flaw first need to install a piece of malware on the target device in order to redirect the traffic passed through the VPN tunnel. Therefore, the best advice for VPN users running Android devices is that they should be wary of installing unknown apps on their phones and tablets. If you stick to tried and trusted sources, such as Google’s Play store, you will certainly lower your risk to the absolute minimum.
In addition, Android users must be hoping that Google will get its finger out and work quickly to plug this gaping hole in its mobile operating system.