Security News > 2024 > May > New Attack on VPNs

New Attack on VPNs
2024-05-07 15:32

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address.

The researchers believe it affects all VPN applications when they're connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android.

The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network.

A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel.

By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself.


News URL

https://www.schneier.com/blog/archives/2024/05/new-attack-on-vpns.html