CBG in the News
Active VPN Bypass on Android KitKat – Disclosure Report
Following our second vulnerability report where we demonstrated an active VPN bypass on Android Jelly Bean 4.3 we have decided to further investigate the existence of the vulnerability on Android KitKat 4.4. At first we could not reproduce it with the original vulnerability code since KitKat has a modified security implementation. Following an elaborate investigation we were able to reproduce the same vulnerability where a malicious app can bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption)...
Read More ...Our Professional and Humble Response to Samsung
Three weeks ago on the 23rd of December 2013, a story was published in the Wall Street Journal (WSJ) regarding a vulnerability w...
Read More ...