Following our second vulnerability report where we demonstrated an active VPN bypass on Android Jelly Bean 4.3 we have decided to further investigate the existence of the vulnerability on Android KitKat 4.4. At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation.
Three weeks ago on the 23rd of December 2013, a story was published in the Wall Street Journal (WSJ) regarding a vulnerability we uncovered on Samsung KNOX devices. We’ll begin with a little background about the vulnerability. We found that a malicious app (without ROOT) running in the non-secure area of a KNOX based device (for example, Samsung S4) can affect the network configuration (important settings) of the secure container.