Critical flaws in the private network of Android operating systems have resulted in a hijack of personal data in the Indian cyberspace. Internet security sleuths have also alerted consumers to be cautious about this virus, affecting the computer systems and mobile phones.
The suspicious activity has been noticed in two Android versions-- 4.3 known as 'Jelly Bean' and the latest version 4.4 called 'Kit Kat'. "A critical flaw has been reported in Android's (virtual private network) VPN implementation, affecting Android version 4.3 and 4.4 which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications," stated the Computer Emergency Response Team of India (CERT-In).
In order to fortify security-related defences of the Indian Internet domain, CERT-In is using the VPN technology. This technology helps to create an encrypted tunnel into a private network over public Internet.
The agency said the current malicious application is capable of diverting the VPN traffic into a different network address. "It should be noted that not all applications are encrypting their network communication. But the hacker can possibly capture sensitive information from the affected device in plain text like email addresses, IMEI number, SMSes, installed applications," said the Advisory.
Cyber experts said that this anomaly could only lead towards viewing the data which is in plain text and Android applications, thus connecting to the server.
The cyber agency has also said ‘Websites which use 'https' in their URL will also be safe.’ As suggested by the cyber agency, one needs to apply appropriate updates from original equipment manufacturer, avoid downloading application from untrusted sources. It’s better to maintain an updated mobile security solution or mobile anti-virus solutions on the device.
