VPN bypass vulnerability affects Android Jelly Bean and KitKat, researchers sa

Discussion in 'privacy problems' started by lotuseclat79, Jan 28, 2014.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Is it possible to run VMs in Android?

    It would be far safer to run the VPN on the host, and all user apps in the VM(s).
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    That's a good question mirimir - I don't know the answer to it, but if so, then is not that the scheme that GuardianROM is attempting?

    -- Tom
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Hopefully Kyle will answer that.
     
  5. x942

    x942 Guest

    Yes, this is what we are expirimenting with. It won't make it into the first release as its to unstable and not userfriendly in the least. I am probably going to contact the Qubes OS Team and work with them on it or at least get some tips from them.

    As per this VPN Bypass it looks like a malware app must be installed. While I will definately pull any patches that google may release into Guardian Rom, I don't see this as a huge issue. Watch what you install and you should be fine. If you install malware (regardless of this attack) your phone is compromised.

    With that said VM's would limit this. As long as Dom0 isn't compromised your VPN can't be bypassed. Once a PoC is released or at least more details I will test it against Guardian Rom.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Wow, Android with Qubes-style VMs!

    Thanks :)
     
Loading...
Thread Status:
Not open for further replies.