A critical vulnerability has been identified in the Android operating system that allows DNS traffic to leak during VPN server switches, potentially exposing users’ internet activity to cybercriminals.
The issue, which affects multiple versions of Android, including the latest Android 14, was first reported by a user on Reddit and subsequently confirmed by Mullvad VPN through an internal investigation.
The vulnerability was uncovered when a user noticed DNS queries leaking while toggling a VPN connection on and off, despite having the “Block connections without VPN” setting enabled.
Mullvad VPN’s subsequent investigation revealed that this was not an isolated incident but part of a broader issue within the Android OS.
The DNS leaks occur under specific conditions:
The leaks are primarily associated with direct calls to the C function getaddrinfo. Applications that resolve domain names using this method, such as the Chrome browser, are particularly susceptible to leaking DNS queries in the scenarios described.
The leakage of DNS queries poses significant privacy risks, as DNS traffic can reveal the websites a user visits and the apps they use.
This vulnerability is especially concerning because it can be exploited regardless of security measures like “Always-on VPN” and “Block connections without VPN,” designed to enhance user privacy.
In response to these findings, Mullvad VPN has announced plans to implement a temporary workaround by setting a bogus DNS server in its app’s blocking state to prevent DNS leaks until the issue is resolved upstream in the Android OS.
They also urge other developers and service providers to review their applications and implement similar safeguards if necessary.
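One way to run the review urged above is to capture traffic on all interfaces while toggling the VPN, then flag any plaintext DNS query that leaves on a non-tunnel interface. The script below is an added example, not code from Mullvad or Android; the interface names (tun0, wlan0), the `tcpdump -i any -n` line layout, and the sample capture are assumptions constructed for illustration.

```python
import re

# Assumed text layout of `tcpdump -i any -n` (tcpdump 4.99+ prints iface and direction):
#   <time> <iface> <In|Out> IP <src>.<sport> > <dst>.53: <id>+ [flags] <qtype>? <name>. (<len>)
DNS_QUERY = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+Out\s+IP6?\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+)\.53:\s+"
    r"\d+\+?\s+(?:\[[^\]]*\]\s+)?(?P<qtype>[A-Z]+)\?\s+(?P<name>\S+?)\.?\s"
)

def find_leaks(lines, tunnel_ifaces=("tun0",)):
    """Return (time, iface, resolver, name) for each outbound plaintext DNS
    query seen on an interface that is neither a VPN tunnel nor loopback."""
    leaks = []
    for line in lines:
        m = DNS_QUERY.match(line)
        if not m:
            continue  # not an outbound port-53 query (response, other traffic)
        if m["iface"] in tunnel_ifaces or m["iface"] == "lo":
            continue  # query stayed inside the tunnel or on the device
        leaks.append((m["ts"], m["iface"], m["dst"], m["name"]))
    return leaks

# Constructed sample capture: the VPN is switched between 12:00:01 and 12:00:07,
# and one query escapes over Wi-Fi in the gap.
SAMPLE = """\
12:00:01.100000 tun0  Out IP 10.64.0.2.40112 > 10.64.0.1.53: 1001+ A? example.org. (29)
12:00:01.150000 tun0  In  IP 10.64.0.1.53 > 10.64.0.2.40112: 1001 1/0/0 A 192.0.2.10 (45)
12:00:05.300000 wlan0 Out IP 192.168.1.23.51544 > 192.168.1.1.53: 1002+ A? example.com. (29)
12:00:05.340000 wlan0 In  IP 192.168.1.1.53 > 192.168.1.23.51544: 1002 1/0/0 A 192.0.2.20 (45)
12:00:05.900000 wlan0 Out IP 192.168.1.23.44871 > 198.51.100.7.51820: UDP, length 148
12:00:07.000000 tun0  Out IP 10.64.0.2.40113 > 10.64.0.1.53: 1003+ [1au] AAAA? example.net. (40)
"""

if __name__ == "__main__":
    for ts, iface, resolver, name in find_leaks(SAMPLE.splitlines()):
        print(f"LEAK {ts} {iface}: {name} sent to {resolver} outside the tunnel")
```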
This incident highlights the need for continuous vigilance and prompt action in the digital security landscape. Android users are advised to:
Google has yet to respond to the findings, but updates to the Android OS are anticipated as the community calls for a resolution to prevent future privacy breaches.