Recent research findings showed the Android mobile operating system may allow hackers to bypass networks. Operating systems like Android 4.3 Jelly Bean and Android 4.4 KitKat can let hackers write applications that can breach virtual private network connections. Hackers can also redirect traffic under clear text to any attacker.

Israel's Ben Gurion University researchers said the vulnerability threat can be accessed using particularly crafted malicious software. The software may be used to bypass VPN configurations. This can change the traffic flow in the device to a different network address.

According to Dudu Mirman, chief technical officer of the department, he found the malicious application a major concern for Google. In a write-up posted on the university's cyber security blog, Mriman wrote:

"As part of our ongoing mobile security research we have uncovered a network vulnerability on Android devices which has serious implications for users using VPN. This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."

The malicious application can bypass the VPN without root permissions. What is more alarming is that the user will not see any notifications whether his data has been captured or exploited in any way. The researchers provided a video demonstration. The video features a researcher attempting to exploit a Samsung Galaxy S4 device.

The research claimed they tested a range of devices from different manufacturers for their experiment.

In the video's background, the researcher was also shown working with a packet capturing tool using a desktop machine. The desktop is part of the same network. Mirman ran his malicious application. He chose the exploit button, switched the VPN on and sent an email. The computer in the background started gathering information running from the Android device.

The security threat would also leak secure sockets layer traffic (SSL), including transport layer security (TLS). One good side is that the data will still be encrypted despite being captured. Hackers may or may not have the ability to crack the encryption. Still, it remains a big threat. Mirman also indicated that the bug was confirmed on Android 4.3 Jelly Bean and possibly Android 4.4 KitKat. They were still testing the KitKat software thoroughly.