There is a critical flaw in the virtual private network (VPN) offered by Android operating systems in the Indian cyberspace, which makes them prone to attacks by hackers, according to Cert-In, the part of the Indian government that deals with cyber security threats. The organisation added that the flaw may lead to the hijacking of users' personal data.
A VPN is a technology that creates an encrypted channel for users to connect to a private network over the public internet. Many organisations use it to allow their employees to securely connect to enterprise networks from remote locations using their PCs, tablets, smartphones, etc.
Notably, this recent flaw is found only in Jelly Bean and higher versions of KitKat, while the older Android Gingerbread is not affected.
“A critical flaw has been reported in Android’s (virtual private network) VPN implementation, affecting Android version 4.3 and 4.4 which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications,” Cert-In said in a statement.
Cert-In had further advised that one should “apply appropriate updates from original equipment manufacturer, do not download and install application from untrusted sources, maintain updated mobile security solution or mobile anti-virus solutions on the device, exercise caution while visiting trusted or untrusted URLs and do not click on the URLs received via SMS or email unexpectedly from trusted or received from untrusted users.”