Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
The Jelly Bean and Kit Kat versions of the Android OS have a vulnerability in their VPN implementation. Indian hackers have used this vulnerability to get past the VPN and route traffic to a controlled server. The discovery was made by CERT-In, a group that polices the Indian Internet domain.
The Android 4.3 and 4.4 Flaw
The Computer Emergency Response Team of India (CERT-In) reported the vulnerability in Android operating systems versions 4.3 (Jelly Bean) and 4.4 (Kit Kat). CERT-In is a group in India that works to secure their Internet and prevent scams and hacks of various types.
The flaw permits hackers to hijack personal user information. Indian users have already been warned of the vulnerability. Hackers used a virus to infect users in India. The virus that is being used by the hackers also has the potential to very easily disrupt users’ computer systems. The hackers were able to get around the active VPN configurations of these users. The hackers then had access to the unencrypted traffic of the users. The plain text information could also be routed to the hacker controlled server. Examples of the information that hackers can capture include IMEI numbers, messages, and email addresses.
CERT-In reported that applications that connect directly using SSL and HTTPS pages remain safe from this vulnerability. But all information sent from the Android device in plain text can be seen and intercepted. They recommend that users update their operating systems and avoid applications from questionable sources. Standard security tips are also recommended. For instance, using strong and regularly updated antivirus software and taking care when clicking on links and visiting unknown websites.
Third Party Jelly Bean and Kit Kat VPNs
Users can also stay safe from the Android 4.3 and 4.4 VPN vulnerability by using third-party Jelly Bean and Kit Kat VPNs. These personal VPN apps are available from a number of VPN service providers worldwide. It is important to remember, however, that not all services provide the same levels of protection. When reviewing different VPN packages, look closely at the VPN protocol type and encryption levels offered. Whenever possible, use the OpenVPN protocol and use 128-bit encryption.
OpenVPN is the most stable and secure VPN protocol to date. It is closely monitored by developers and security specialists. They scan the source code regularly for any malicious additions to keep it clean and safe. 128-bit encryption is not the highest level, but it remains fast. It is enough to ensure that your data cannot be cracked by hackers and snoops unless they run the most powerful equipment available and have months to work on it. Speed is also important to your security since it means that your data packets spend less time out in the open.
ExpressVPN is a good example of a trusty VPN provider. You can also use this service on your other mobile devices and tablets at no extra cost. ExpressVPN apps are also available for Windows, Linux and Mac desktops and laptops. ExpressVPN has a neat tutorial here for help with the setup on your Android 4.3 or 4.4 device.