Application security, Endpoint/Device Security

Novel Android vulnerability exposes DNS queries

Share
Male hand holding smart phone outside.

Android devices on the latest version of the operating system were discovered to be impacted by a vulnerability that exposes DNS queries upon switching VPN servers despite the activation of the "Always-on VPN" functionality while blocking connections that do not have VPN, according to BleepingComputer.

Such a security flaw, which stems from the utilization of apps directly communicating with the getaddrinfo C function, enables DNS traffic leaks in the event of an active VPN without any DNS server or issues with the VPN app, said commercial VPN service Mullvad, which investigated the bug after being identified by one of its users.

"We have not found any leaks from apps that only use Android API:s such as DnsResolver. The Chrome browser is an example of an app that can use getaddrinfo directly. The above applies regardless of whether 'Always-on VPN' and 'Block connections without VPN' is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS," said Mullvad, which noted that remediating the flaw is possible by establishing a fraudulent DNS server when the VPN app is active but stressed that the issue should be fixed directly by Google.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.