[guardian-dev] vuln: malicious Android apps can bypass active VPN configuration

Nathan of Guardian nathan at guardianproject.info
Sat Jan 18 14:25:53 EST 2014


Also that whole feature is broken in 4.4!

Hans-Christoph Steiner <hans at guardianproject.info> wrote:
>
>Bad news for the idea of using the Android VPN support for Tor
>proxying:
>
>"This vulnerability enables malicious apps  to bypass active VPN
>configuration
>(no ROOT permissions required) and redirect secure data communications
>to a
>different network address."
>
>http://cyber.bgu.ac.il/blog/vpn-related-vulnerability-discovered-android-device-disclosure-report
>
>.hc
>
>-- 
>PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Guardian-dev mailing list
>
>Post: Guardian-dev at lists.mayfirst.org
>List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
>To Unsubscribe
>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>Or visit:
>https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info
>
>You are subscribed as: nathan at guardianproject.info
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20140118/94f87b65/attachment.html>


More information about the Guardian-dev mailing list