Security researchers have discovered a new attack method that can intercept VPN user traffic despite encryption. This practically defeats the main purpose of a VPN. The vulnerability manipulates DHCP server settings and works against almost all VPN applications.
Researchers from Leviathan Security have modeled a new type of cyberattack that they believe has been around for a long time and allows attackers to intercept the traffic of virtual private network (VPN) users. This attack is called TunnelVision. It exploits a vulnerability in the DHCP protocol, which is used to assign IP addresses on local networks, reports Arstechnica.
As you know, VPNs encapsulate the user's Internet traffic in an encrypted tunnel and hide his real IP address. However, in a TunnelVision attack, some or all of the traffic is removed from the encrypted tunnel and becomes available for interception and analysis by attackers.
According to Lizzie Moratti and Dani Cronce, TunnelVision affects almost all VPN applications on Windows, macOS and iOS platforms, except Linux and Android. However, it has existed since 2002, remaining unnoticed. It cannot be ruled out that hackers have already used it in real attacks.
The published study explains that attackers run their own DHCP server on the same network to which the victim connects. This server uses the DHCP protocol (option 121) to change routing rules on the victim device. As a result, all or only part of the traffic begins to pass through the hackers' DHCP server in unencrypted form. At the same time, the VPN connection itself remains active and the user does not suspect anything. To carry out this attack, the attacker needs administrative access to the network to which the victim is connecting.
It is noted that at the moment there are not many effective methods of protection against TunnelVision. The only OS that is completely protected from this attack is Android, since it does not support the DHCP protocol (option 121). Linux also has settings that minimize the attack.
Thus, TunnelVision appears to be a serious threat to the anonymity and privacy of VPN users, because it allows encrypted traffic to be completely compromised and negate all the benefits of virtual private networks. Researchers from Leviathan Security recommend that VPN developers fix this dangerous vulnerability in their products as quickly as possible.
If you notice an error, select it with the mouse and press CTRL+ENTER.
The post TunnelVision vulnerability allows interception of encrypted VPN traffic appeared first on Aroged.