Newly discovered attack can render VPNs useless

Dakota Tebaldi

Dakota Tebaldi

Well-known member
VVO Supporter 🍦🎈👾❤
Joined
Sep 19, 2018
Messages
9,844
Location
Ohio
Joined SLU
02-22-2008
SLU Posts
16791
arstechnica.com

Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
arstechnica.com arstechnica.com

Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway. When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it.

We use DHCP option 121 to set a route on the VPN user’s routing table. The route we set is arbitrary and we can also set multiple routes if needed. By pushing routes that are more specific than a /0 CIDR range that most VPNs use, we can make routing rules that have a higher priority than the routes for the virtual interface the VPN creates. We can set multiple /1 routes to recreate the 0.0.0.0/0 all traffic rule set by most VPNs.
Click to expand...
Basically they're able to use a DHCP server setting to quietly re-direct local traffic before it even gets to the VPN client, shunting the data into an unencrypted route where it can be read and manipulated by the attacker. The VPN itself stays connected though, so it continues to believe everything is normal and doesn't give any alerts or trip its kill-switch.

This is seriously bad, and one of the worst things about it, to me, is that the language in the article suggests that it's a vulnerability that can't be fixed.
 
  • 1Thanks
Reactions: Free
Bartholomew Gallacher

Bartholomew Gallacher

Well-known member
Joined
Sep 26, 2018
Messages
6,912
SL Rez
2002
Personally this does not worry me, because I distrust all VPN providers equally with proprietary apps. And if they want to inspect my traffic without me knowing it, they've been for sure doing it since a long time. So the impact of this vulnerability is meh for that use case.
 
  • 2Agree
Reactions: Kokoro Fasching and Sid
Sheera Khan

Sheera Khan

Mostly lurking
Joined
Jul 9, 2021
Messages
79
Location
Germany
SL Rez
2010
Without having read the article yet - Having access to or even implementing your own DHCP server in a foreign network already is a lottery win for the attacker! Most manageable switches have options to prevent just that. You can restrict DHCP answers to coming from certain secure ports. Same holds for some other services like DNS i.e. If your admin doesn't know basic security stuff you're screwed anyways :-/
Using a third party VPN provider isn't really secure by design and it really is no rocket science to implement your own VPN with managing your own keys in a secure way. If you have to rely on a third party provider I then question the purpose for that setup. If it's solely to bypass regional barriers due to copyright issues it shouldn't worry you too much ^^
 
  • 1Like
Reactions: Sid
Sid

Sid

Lord of the plywood cubes.
VVO Supporter 🍦🎈👾❤
Joined
Sep 20, 2018
Messages
7,040
Internet: Assume everybody can peek in. So act accordingly with important sensitive information is the best solution.
 
  • 1Agree
Reactions: Govi
You must log in or register to reply here.
Top Bottom