Early in January, a team of researchers in a lab in Israel discovered that Android 4.3 has a serious weakness. The flaw allows malware to get through even when a device is on a VPN. And then traffic could be rerouted by the malware to the attackers’ servers. Now the team from Ben Gurion University report that Android 4.4 is susceptible as well.
The Weakness
The team of Cyber Security researchers at the Israel university reported in mid-January that the weakness is exploited by a malicious app. When the app is downloaded, it compromises the device to allow connections through the VPN security. This means that attackers using this app can get the unencrypted user data that is supposed to be protected by the VPN. Since it bypasses the VPN, everything is now unprotected. This attack is a man-in-the-middle attack, and it can be prevented by safe downloading practices and the use of SSL with the VPN connections.
The problem here is not only an OS weakness but that that there are so many free downloadable apps for Android devices. People need to keep using their trusted VPNs like ExpressVPN and just be more careful about the kinds of apps they download. Some third party VPN clients are not affected by the malware. So until we have a clear report from Google and the research team, users should not give up their VPN shields.
Jelly Bean and Kit Kat
Jelly Bean was the most popular Android OS version. And with Android sales topping iOS sales in 2013, that’s a lot of Android 4.3 devices floating around. And when Kit Kat was announced, many Android fans could not wait to get their hands on this newest and greatest Android OS version. Many Android 4.4 devices have already been sold while the majority of the 4.3 devices are still in circulation. This means that there are a lot of users out there who are at risk because of the new weakness found.
