Here's some serious threat for all those currently using devices running on Android Jelly Bean or KitKat. According to reports, a new Android security flaw has been discovered that affects the virtual private network of devices running on Jelly Bean or KitKat.
Revealed first via the Computer Emergency Response Team of India (CERT-In), the team picked up the issue of the security flaw by stating in an advisory released to users of its network: "A critical flaw has been reported in Android's (virtual private network) VPN implementation, affecting Android version 4.3 and 4.4 which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications."
For users who are not sure as to what VPN is or how it works out, it is a technology that allow users to connect to a private network via an encrypted tunnel over the common public Internet service. Most companies and organizations make use of this to allow employees to securely connect to the company-based networks from remote locations. Several devices can be used to connect to a VPN such as desktops, laptops, smartphones, and tablets.
The CERT-In advisory also adds that "It is noted that not all applications are encrypting their network communication. Still there is a possibility that attacker could possibly capture sensitive information from the affected device in plain text like email addresses, IMEI number, SMSes, installed applications."
Security experts also say that this flaw will allow data written in plain text to be captured and viewed. Android apps that directly connect to a server using SSL, however, will not be affected by this flaw.
The security threat, as mentioned, has the ability to disrupt a large system.