The Computer Emergency Response Team India (CERT-In) has flagged a major security flaw in the latest versions of Android, KitKat and Jelly Bean. CERT-In is an initiative of the Government of India that actively monitors the country's internet domain and works on cyber security issues. The vulnerability has been noticed in Android 4.3, known as 'Jelly Bean', and Android 4.4, known as 'KitKat'.
According to CERT-In's latest advisory to users, "A critical flaw has been reported in Android's Virtual Private Network (VPN) implementation, affecting Android versions 4.3 and 4.4, which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications."
The advisory also said: "It is noted that not all applications are encrypting their network communication. Still there is a possibility that an attacker could possibly capture sensitive information from the affected device in plain text, like email addresses, IMEI number, SMSes, installed applications."
A VPN (Virtual Private Network) is a technology used to create an encrypted tunnel into a private network over the public internet. Organizations and groups use such connections to let employees or associates connect securely to enterprise networks from remote locations on multiple devices, from laptops and desktops to mobiles and tablets.
Previously, CERT-In had alerted Android mobile phone users to suspicious activity detected with the search engine 'Bing' on internet-enabled communication devices. The agency also warned that a possible attack through the virus could harm their devices and cause them to lose personal data and information. After that, CERT-In also issued alerts about various security issues in browsers such as Google Chrome and Mozilla Firefox. Those vulnerabilities could be exploited by remote attackers to bypass security barriers, disclose personal data and information, and execute arbitrary code that could harm the device temporarily or permanently.
CERT-In also reported that this flaw is found only in the latest versions of Android; the previous versions, 'Ice Cream Sandwich' and 'Gingerbread', remain unaffected by this threat.
The agency also listed some countermeasures for Android phone users: "Apply appropriate updates from the original equipment manufacturer, maintain updated mobile security solution or mobile anti-virus solutions on the device, do not download and install applications from untrusted sources, do not click on the URLs received via SMS or email unexpectedly from trusted sources."