New Attack on VPNs (Security News, May 2024)
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user's IP address.
The researchers believe it affects all VPN applications when they're connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android.
The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network.
A DHCP setting known as option 121 (classless static routes) allows the DHCP server to push routes that override the client's default routing rules, which would otherwise send all traffic through the local VPN interface that initiates the encrypted tunnel.
By using option 121 to install routes that take precedence over the VPN's, the attack diverts the matching traffic to the DHCP server itself, outside the tunnel and therefore unencrypted.
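As a defender's check, and added here rather than taken from the Schneier post or the article it quotes, the following Python decodes a DHCP option 121 payload (RFC 3442 classless static routes) and flags entries that would out-rank a full-tunnel VPN's own routes. The sample lease bytes, the 192.0.2.1 gateway and the assumed 0.0.0.0/1 + 128.0.0.0/1 tunnel routes are constructed for this example.

```python
import ipaddress
from typing import List, Tuple

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]

# Routes a full-tunnel VPN client commonly installs over its tun interface
# (assumption for this example: the 0.0.0.0/1 + 128.0.0.0/1 pair that beats a default route).
DEFAULT_TUNNEL_ROUTES = ("0.0.0.0/1", "128.0.0.0/1")

def parse_option_121(payload: bytes) -> List[Route]:
    """Decode a DHCP option 121 value (Classless Static Route, RFC 3442).
    Each entry is one prefix-length byte, ceil(prefix/8) significant bytes
    of the destination, and a 4-byte router address."""
    routes: List[Route] = []
    i = 0
    while i < len(payload):
        plen = payload[i]
        i += 1
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        nbytes = (plen + 7) // 8
        dest, router = payload[i:i + nbytes], payload[i + nbytes:i + nbytes + 4]
        i += nbytes + 4
        if len(dest) != nbytes or len(router) != 4:
            raise ValueError("truncated option 121 payload")
        net = ipaddress.IPv4Network((dest.ljust(4, b"\x00"), plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(router)))
    return routes

def routes_bypassing_tunnel(routes: List[Route],
                            tunnel_routes=DEFAULT_TUNNEL_ROUTES) -> List[Route]:
    """Flag DHCP-pushed routes that would win longest-prefix matching against
    the tunnel's routes. Equal length is flagged too, because a metric
    tie-break could still send that traffic out the physical interface in cleartext."""
    tunnel = [ipaddress.IPv4Network(t) for t in tunnel_routes]
    return [(net, gw) for net, gw in routes
            if any(net.overlaps(t) and net.prefixlen >= t.prefixlen for t in tunnel)]

# Constructed sample lease: a harmless default route plus two routes
# (203.0.113.0/24 and 128.0.0.0/1) via the LAN gateway 192.0.2.1.
SAMPLE_OPTION_121 = bytes.fromhex("00c0000201" "18cb0071c0000201" "0180c0000201")

if __name__ == "__main__":
    for net, gw in routes_bypassing_tunnel(parse_option_121(SAMPLE_OPTION_121)):
        print(f"ALERT: option 121 route {net} via {gw} would bypass the VPN tunnel")
```

On a real host the payload would come from the lease the DHCP client received (for example the raw option bytes logged by the client), and any flagged route on an untrusted network is a signal to drop the connection rather than trust the tunnel.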
News URL
https://www.schneier.com/blog/archives/2024/05/new-attack-on-vpns.html
Related news
- Cisco warns of password-spraying attacks targeting VPN services
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
- Cisco warns of large-scale brute-force attacks against VPN services
- Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
- New attack leaks VPN traffic using rogue DHCP servers
- New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation