Security News > 2024 > May > Android bug can leak DNS traffic with VPN kill switch enabled

Android bug can leak DNS traffic with VPN kill switch enabled
2024-05-03 21:02

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.

Enabling the "Block Connections Without VPN" option ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.

They discovered that Android leaks DNS traffic when a VPN is active or when a VPN app re-configures the tunnel, crashes, or is forced to stop.

Mullvad said that the first DNS leak scenario, where the user switches to another server or changes the DNS server, can be mitigated easily by setting a bogus DNS server while the VPN app is active.

It has yet to find a fix for the VPN tunnel reconnect DNS query leak, which is valid for all other Android VPN apps seeing that they're also likely impacted by this issue.

In October 2022, Mullvad also found that Android devices were leaking DNS queries every time they connected to a WiFi network because of connectivity checks even if "Always-on VPN" was toggled on with "Block connections without VPN" enabled.


News URL

https://www.bleepingcomputer.com/news/security/android-bug-can-leak-dns-traffic-with-vpn-kill-switch-enabled/