Heads up, Android users! If you’re using a VPN, it’s time to meddle with your device settings to deal with the DNS leak vulnerability that sneakily affects Android devices. This vulnerability keeps leaking the DNS traffic even with the “Always-On” kill switch on Android, risking users’ privacy.
A recent post from Mullvad – popular for its Mullvad VPN – highlights a serious privacy issue with the existing Android devices. The researchers observed a DNS leak vulnerability in the Android system that stays active even with the permanent kill switch, lowering down the users’ privacy guards.
Mullvad researchers caught this vulnerability after witnessing users’ reports on Reddit, who suspected a DNS leak problem with Android. According to their comments, different users tried different VPNs on their respective devices running Android OS (and even GrapheneOS), and the problem persisted.
Following these comments, Mullvad researchers inquired the matter and noticed the system issue that awaits a fix. Specifically, the vulnerability comes into effect during VPN reconnections. That is, when the user disconnects and reconnects the VPN, or a VPN connection drops due to tunnel reconfiguration or app crashes, then Android briefly leaks users DNS for a brief period of time. While VPNs’ kill switch and the “Always-On” VPN setting on Android is supposed to prevent such leaks, it doesn’t work as intended.
The researchers observed this behavior limited to direct calls to the C function getaddrinfo. While this sounds limiting the scope of the vulnerability, it’s actually serious because it directly impacts Google Chrome browser, which can directly use getaddrinfo, and is the most used browser for Android users. (It also comes pre-installed in most Android devices.)
The researchers have shared the technical details and the steps to reproduce the DNS leak in their post.
Following this discovery, Mullvad reported the matter to Google. According to its statement shared with Bleeping Computer, Google is working to address it.
“Android security and privacy is a top priority. We’re aware of this report and are looking into its findings.
Nonetheless, it means that until a patch arrives, Android users remain vulnerable to DNS leaks regardless of the VPN they use.
As potential mitigation, Mullvad advises setting up a bogus DNS server when using the VPN app. This would hide the actual DNS in case of DNS leak events.
Mullvad further clarified that this mitigation should ideally be implemented at the OS level, instead of the VPN app level, so as to protect all users throughout.
Let us know your thoughts in the comments.
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
latesthackingnews.com 2011 – 2024 All rights reserved
About The Author
More Stories
Anatomy of a Scam
Climate and Environmental Sustainability Within the IETF and IRTF
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation