Subscribe via feed.

Android Private Internet Access Denial Of Service

Posted by deepcore on October 28, 2017 – 4:51 pm

The Android application provided by Private Internet Access (PIA) VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be exploited by an MITM attacker via intercepting and replacing this file. While the file is digitally signed, it is not served over SSL and the application did not contain logic for checking if the provided file is very large. The vendor has fixed this issue in version 1.3.3.1 and users should install the latest version.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.