GrapheneOS fixes Android VPN leak Google refused to patch
Key takeaways
- The leak occurs even when Android’s “Always-On VPN” and “Block connections without VPN” protections are enabled.
- The issue, disclosed last week by security researcher “lowlevel/Yusuf,” affected Android 16 and stemmed from a newly introduced QUIC connection teardown feature in Android’s networking stack.
- GrapheneOS is a privacy- and security-focused Android-based operating system primarily developed for Google Pixel devices.
GrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address.
The leak occurs even when Android’s “Always-On VPN” and “Block connections without VPN” protections are enabled.
The issue, disclosed last week by security researcher “lowlevel/Yusuf,” affected Android 16 and stemmed from a newly introduced QUIC connection teardown feature in Android’s networking stack. In its latest release, GrapheneOS says it has “disable[d] registerQuicConnectionClosePayload optimization to fix VPN leak,” effectively neutralizing the attack vector on supported Pixel devices.
Article preview — originally published by Hacker News. Full story at the source.
Aggregated and edited by the Scoop newsroom. We surface news from Hacker News alongside other reporting so you can compare coverage in one place.