As part of our ongoing mobile security research we have uncovered a network vulnerability on Android devices which has serious implications for users using VPN. This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.
News & Press
JVP, Israel's leading VC firm and the largest early-stage cyber-security investor in Israel, announced today that Titanium Core, an innovative startup that protects mission-critical infrastructure, has won JVP's first ever “Cybertition” cyber-security startup competition. Titanium will receive a $1M Investment and a spot in JVP Cyber Labs incubator based in the growing cyber epicenter in Beer-Sheva.
Following our second vulnerability report where we demonstrated an active VPN bypass on Android Jelly Bean 4.3 we have decided to further investigate the existence of the vulnerability on Android KitKat 4.4. At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation.
Three weeks ago on the 23rd of December 2013, a story was published in the Wall Street Journal (WSJ) regarding a vulnerability we uncovered on Samsung KNOX devices. We’ll begin with a little background about the vulnerability. We found that a malicious app (without ROOT) running in the non-secure area of a KNOX based device (for example, Samsung S4) can affect the network configuration (important settings) of the secure container.
Welcome to our new shiny blog! The cyber security labs of Ben Gurion university is located in Beer Sheva, the capital of the Negev which is the southern part of Israel and it was founded three months ago. Just to be clear, starting 3 months ago does not mean we are newbies.
A man in the middle is a classic attack. If there was a popularity contest for attacks I would bet that MitM (Man-in-the-middle) would score one of the top three! To our readers who don't know how it works then it is basically a setup of two endpoints that communicate with each other (i,e, client server) and someone or something seats somewhere in between and starts eavesdropping and maybe even changing the communications on the go.
Here is a nice illustration: