While there may have been more than 900 million Android devices activated in 2013 alone, those impressive sales numbers have only added fuel to the fire for cyber criminals. For example, consider the recent revelation from Ben Gurion University of how malicious apps can be used to bypass VPN configurations and push would-be encrypted communications to a different network address. That adds a whole new element to the Android security conversation entirely. As Jeffrey Ingalsbe, director of the Center for Cyber Security and Intelligence Studies at the University of Detroit Mercy said, that’s because this new vulnerability “attacks one of the [security] pillars we thought we could count on in the mobile world,” – VPNs.
Ingalsbe is right – VPNs have been a cornerstone to secure remote access to corporate networks for a long time now, and the possibility that the peace of mind they ensure has been compromised is alarming. However, if we take a closer look at the vulnerability uncovered by Ben Gurion University, it becomes apparent that cyber criminals are attempting to use an old trick in a new disguise.
Man-in-the-middle (MitM) attacks, a form of which the researchers used to bypass VPN security, are actually pretty simple. They are designed to intercept communications between two endpoints (e.g. an Android device and a corporate network) before those communications have entered the safety of a VPN’s encrypted tunnel. Instead, the unencrypted data is redirected to an alternate location, such as a cyber criminal’s computer, where it is quickly stored on the device’s local hard drive before being passed along into the VPN and onto a corporate network.
As of right now, there have been no reported cases of the so-called Android VPN vulnerability being exploited by anyone other than the researchers at Ben Gurion University. However, emerging threats such as this always reinforce the necessity of having comprehensive remote access security that includes a centrally managed VPN and vigilant employee education. The latter is particularly important considering that, in order for this MitM attack to be possible in the first place, employees must download a malicious app. That’s a very important distinction to make, as is the fact that VPNs themselves are safe, as long as IT and employees are working together to ensure all the necessary security precautions and policies are being adhered to.
With the end of Q1 2014 just around the corner, enterprises must reevaluate their IT security infrastructure and work to patch any gaps that may exist, if they have not done so already.
Joerg Hirschmann | www.ncp-e.com | @NCP_engineering
Joerg Hirschmann has been employed at NCP engineering GmbH in Nuremberg, Germany, since 1994. His fields of activity have been support, consulting, system engineering and training. In 2001 he became technical director. His technical knowledge and his practice-related expertise are highly valued by customers and sales partners.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.