New Delhi: A ‘critical flaw’ has been detected in the virtual private network (VPN) offered by Android operating systems in the Indian cyberspace, which has lead to speculations about ‘hijack’ of personal data of those using Android smartphones.
The suspicious activity has been noticed in two Android versions — 4.3 known as Jelly Bean and the latest 4.4 called KitKat.
Warnings have been issued to Android phone users by the internet security sleuths to guard against the spread of this virus, which affects computer systems and mobile phones.
“The flaw has been reported in VPN implementation, affecting Android versions 4.3 and 4.4. This can allow attackers to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications,” claimed the Computer Emergency Response Team of India (CERT-In) in the latest advisory it issued.
The CERT-In is the nodal agency that combats hacking, phishing, and fortifies security-related defences of the Indian Internet domain. The agency said the current malicious application is capable of diverting the VPN traffic to a ‘different network address’ and exploitation of this issue ‘could allow attackers to capture entire communication originating from affected device’.
The lethality of the virus to disrupt a system is speculated to be large.
>> The malicious application is capable of diverting the VPN traffic to a ‘different network address’
>> CERT-In is the nodal agency that combats hacking, phishing
The technology is used to create an encrypted tunnel into a private network over public internet. Organisations and group of people use such connections to enable employees or acquaintances to securely connect to enterprise networks from remote locations through devices like PCs, mobiles and tablets. —Agencies