Understanding and addressing Android VPN vulnerabilities

In early 2014, mobile data security specialists discovered vulnerabilities in the Android mobile operating system, which affects the natively installed VPN client and exposes data and communications to interception. The concept of the VPN boundary (as described by the IeTF and required by the US department of defense) is the fundamental element in this vulnerability and when implemented properly the solution to this problem.

This paper is intended for a technical audience looking to better understand their current risks related to this disclosure including:

  • CISO’s and Enterprise Network Security professionals
  • Network security services providers
  • Security Analysts
  • Mobile Device OEM’s
  • Mobile Device Management and managed security services

    It provides an analysis of the root cause of the Android VPN vulnerabilities, the risks of continued use of the native client and why use of mobile devices with the INSIDE Secure’s QuickSec Mobile VPN client provides VPN security and enforcement as required.