Android Ruins VPN Use Due To Its DNS Leak Flaw

Heads up, Android users! If you’re using a VPN, it’s time to meddle with your device settings to deal with the DNS leak vulnerability that sneakily affects Android devices. This vulnerability keeps leaking the DNS traffic even with the “Always-On” kill switch on Android, risking users’ privacy.

DNS Leak May Happen On Android Even With Active Kill Switch

A recent post from Mullvad – popular for its Mullvad VPN – highlights a serious privacy issue with the existing Android devices. The researchers observed a DNS leak vulnerability in the Android system that stays active even with the permanent kill switch, lowering down the users’ privacy guards.

Mullvad researchers caught this vulnerability after witnessing users’ reports on Reddit, who suspected a DNS leak problem with Android. According to their comments, different users tried different VPNs on their respective devices running Android OS (and even GrapheneOS), and the problem persisted.

Following these comments, Mullvad researchers inquired the matter and noticed the system issue that awaits a fix. Specifically, the vulnerability comes into effect during VPN reconnections. That is, when the user disconnects and reconnects the VPN, or a VPN connection drops due to tunnel reconfiguration or app crashes, then Android briefly leaks users DNS for a brief period of time. While VPNs’ kill switch and the “Always-On” VPN setting on Android is supposed to prevent such leaks, it doesn’t work as intended.

The researchers observed this behavior limited to direct calls to the C function getaddrinfo. While this sounds limiting the scope of the vulnerability, it’s actually serious because it directly impacts Google Chrome browser, which can directly use getaddrinfo, and is the most used browser for Android users. (It also comes pre-installed in most Android devices.)

The researchers have shared the technical details and the steps to reproduce the DNS leak in their post.

Google Informed of The Flaw

Following this discovery, Mullvad reported the matter to Google. According to its statement shared with Bleeping Computer, Google is working to address it.

“Android security and privacy is a top priority. We’re aware of this report and are looking into its findings.

Nonetheless, it means that until a patch arrives, Android users remain vulnerable to DNS leaks regardless of the VPN they use.

As potential mitigation, Mullvad advises setting up a bogus DNS server when using the VPN app. This would hide the actual DNS in case of DNS leak events.

Mullvad further clarified that this mitigation should ideally be implemented at the OS level, instead of the VPN app level, so as to protect all users throughout.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil

1 comment

M Qamar munir May 10, 2024 - 8:03 am
Absolutely right if any one privately appload her material in social media.Then due to VPN hacker or spy leaked data with the help of this private data leaked. Best article about this.Bad uses and also some add this if Government block any social media platform in country then also people use VPN for using that platform. I Agree with you. Keep it up good luck

Comments are closed.

Add Comment