VPN bypass vulnerability affects Android Jelly Bean and KitKat, researchers sa

VPN bypass vulnerability affects Android Jelly Bean and KitKat, researchers say.

-- Tom

 

Is it possible to run VMs in Android?

It would be far safer to run the VPN on the host, and all user apps in the VM(s).

 

That's a good question mirimir - I don't know the answer to it, but if so, then is not that the scheme that GuardianROM is attempting?

-- Tom

 

Hopefully Kyle will answer that.

 

Yes, this is what we are expirimenting with. It won't make it into the first release as its to unstable and not userfriendly in the least. I am probably going to contact the Qubes OS Team and work with them on it or at least get some tips from them.

As per this VPN Bypass it looks like a malware app must be installed. While I will definately pull any patches that google may release into Guardian Rom, I don't see this as a huge issue. Watch what you install and you should be fine. If you install malware (regardless of this attack) your phone is compromised.

With that said VM's would limit this. As long as Dom0 isn't compromised your VPN can't be bypassed. Once a PoC is released or at least more details I will test it against Guardian Rom.

 

Wow, Android with Qubes-style VMs!

Thanks