[guardian-dev] vuln: malicious Android apps can bypass active VPN configuration

Hans-Christoph Steiner hans at guardianproject.info
Sat Jan 18 14:24:39 EST 2014


Bad news for the idea of using the Android VPN support for Tor proxying:

"This vulnerability enables malicious apps  to bypass active VPN configuration
(no ROOT permissions required) and redirect secure data communications to a
different network address."

http://cyber.bgu.ac.il/blog/vpn-related-vulnerability-discovered-android-device-disclosure-report

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 969 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20140118/e317d18b/attachment.pgp>


More information about the Guardian-dev mailing list