
VPN exploit discovered (that's been possible since 2002) and literally cucks everyone :chadstevejobsgenocide: :marseypenguingenocide: :marseybsodgenocide: except Android enjoyers :marseygigachad:

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address. The researchers believe it affects all VPN applications when they're connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.

( . . . . )

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation.

:!#marseygossipsmug: :#marseyglowtyping: :#marseygossipretard:
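The quoted article names DHCP option 121 as the mechanism. As an added example (not part of the original post or the researchers' code), this decodes an option 121 payload in the RFC 3442 classless static route encoding and lists the pushed routes that are more specific than a VPN route, which is what lets them win longest-prefix matching. The sample payload, addresses and function names are constructed for illustration, and the VPN is assumed to install a single 0.0.0.0/0 route.

```python
import ipaddress

# Constructed sample payload of DHCP option 121 (not captured traffic):
#   0.0.0.0/0      via 192.168.1.1   (ordinary default route)
#   203.0.113.0/24 via 192.168.1.50  (more specific than a VPN default route)
SAMPLE_OPTION_121 = bytes.fromhex("00c0a80101" "18cb0071c0a80132")

# Assumption: the VPN client installs one default route through the tunnel.
VPN_ROUTES = [ipaddress.IPv4Network("0.0.0.0/0")]


def parse_option_121(data: bytes):
    """Decode RFC 3442 entries: prefix length, significant destination
    octets (ceil(prefix/8) of them), then a 4-byte router address."""
    routes = []
    i = 0
    while i < len(data):
        prefix_len = data[i]
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len} at offset {i}")
        n = (prefix_len + 7) // 8          # destination octets actually sent
        end = i + 1 + n + 4
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + n] + bytes(4 - n))
        net = ipaddress.IPv4Network((dest, prefix_len), strict=False)
        router = ipaddress.IPv4Address(data[i + 1 + n:end])
        routes.append((net, router))
        i = end
    return routes


def routes_overriding_vpn(routes, vpn_routes=VPN_ROUTES):
    """Return DHCP-pushed routes that sit inside a VPN route but have a
    longer prefix, so the routing table prefers them over the tunnel."""
    flagged = []
    for net, router in routes:
        if any(net.subnet_of(v) and net.prefixlen > v.prefixlen for v in vpn_routes):
            flagged.append((net, router))
    return flagged


if __name__ == "__main__":
    for net, router in routes_overriding_vpn(parse_option_121(SAMPLE_OPTION_121)):
        print(f"review: {net} via {router} bypasses the VPN route")
```

With a 0.0.0.0/0 VPN route every non-default pushed route is listed, including legitimate LAN static routes, so the output is a review list rather than a verdict.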


I'm assuming vpn companies will do something about this now? I only use vpns for tv shows so idgaf really, not important enough to target either as I'm a total loser, but interesting nonetheless


It seems to be the actual network you're using that allows it. Nothingburger if you're on home wifi but bad shit if you're a criminal who uses public ones.

Maybe one precaution could be to force all traffic to be routed on your device idk not smart

The traffic is being messed with at the router level so if the vpn traffic is being directed to the router then directed to the device. So shouldn't encryption handle that or something?


Idk why the feds wouldn't ask all ISPs to do this unless it really is a big ask.

I don't know if it does. But honestly it seems like with an exploit this huge there should have been a lot of opportunities to bust really bad actors or enemies of the state? Or maybe they did but planted something else on them to not reveal their methods?


I read other places, basically it's messing with the router's DHCP server for a WiFi network.

The attacker modifies it so your traffic goes to them before being sent to the vpn server, meaning they can peep into it unless your device is encrypting the data before sending to the DHCP server which directs it to the vpn server.

It would be a really big ask as it's something your server used to allocate where traffic inside the network goes and assigns devices local IPs and handles outbound traffic (probably) which is why only a hostile / compromised network is vulnerable. Which if that's already the case you're frick being there already


The attacker modifies it so your traffic goes to them before being sent to the vpn server, meaning they can peep into it unless your device is encrypting the data before sending to the DHCP server which directs it to the vpn server.

This has to be the biggest :marseynothingburger: then, why would anyone use a VPN that doesn't have encryption? The worst-case scenario is them recording the encrypted data in the hopes of decrypting it later, but they're already doing that.


Technically they can figure out the destination and make sure to capture everything from the tunneled device in case they don't have a kill switch and leak anything.

Even the Reddit thread I dug up everyone was joking about how a BASIC routing setting is considered a “major vulnerability”
