CERT warns of flaw in VPN from Android OS in Indian cyberspace
03 Mar 2014
Nodal Indian security agency, Computer Emergency Response Team of India (Cert-In), which has issued several security alerts lately, has now uncovered a critical flaw in the virtual private network (VPN) offered by Android operating systems in the Indian cyberspace.
The flaw reportedly leads to compromise of personal data of users.
VPN technology allows the creation of an encrypted tunnel into a private network over public internet.
Such connections are used by organisations to enable employees to securely connect to enterprise networks from remote locations using their desktops, laptops, tablets and so on.
Internet security agencies have started alerting consumers about the service to safeguard computer systems and devices using the Android operating system.
The security flaw has been seen in the Android 4.3 Jelly Bean and the latest 4.4 KitKat versions, but does not affect older versions like Gingerbread.
Cert-In is in the forefront of security of the Indian internet domain and seeks to defend against hacking, phishing and seeks to strengthen security-related defences of the Indian Internet domain.
In its latest advisory to users, the agency, reported a critical flaw in Android's (virtual private network) VPN implementation.
The flaw affected Android version 4.3 and 4.4 and could allow an attacker to ''bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications.''