TunnelVision attacks force VPNs to transmit some or all of their traffic outside the encrypted tunnel that is designed to protect it from snooping or tampering, thereby undermining the primary purpose of VPNs.
TunnelVision manipulates the DHCP server that allocates IP addresses to devices attempting to connect to the local network. It uses a setting known as option 121 to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself.
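As an added illustration (not code from the article or from the researchers), the following defender-side check decodes a DHCP option 121 payload in the RFC 3442 classless static route encoding and lists the routes that would win a longest-prefix match against a VPN's route. The sample bytes, addresses, `VPN_ROUTES`, `LOCAL_SUBNET` and both function names are constructed assumptions.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode DHCP option 121 (RFC 3442) into (destination network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]                      # destination prefix length in bits
        n = (plen + 7) // 8                 # only the significant octets are sent
        if plen > 32 or i + 1 + n + 4 > len(data):
            raise ValueError("malformed or truncated option 121 data")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)   # pad back to 4 octets
        net = ipaddress.ip_network((dest, plen), strict=False)
        router = ipaddress.ip_address(data[i + 1 + n:i + 5 + n])
        routes.append((net, router))
        i += 5 + n
    return routes

def routes_bypassing_vpn(option_data, vpn_routes, local_subnet):
    """Return pushed routes that are more specific than a VPN route.

    A more specific prefix wins route selection, so traffic to these
    destinations would leave through the DHCP-supplied router instead of
    the tunnel. Routes for the lease's own subnet are expected and skipped.
    """
    flagged = []
    for net, router in parse_option_121(option_data):
        if net.subnet_of(local_subnet):
            continue
        if any(net.subnet_of(v) and net.prefixlen > v.prefixlen for v in vpn_routes):
            flagged.append((net, router))
    return flagged

# Constructed sample payload (not captured traffic).
SAMPLE_OPTION_121 = bytes.fromhex(
    "00c0a80101"          # 0.0.0.0/0 via 192.168.1.1 (ordinary default route)
    "18c0a80100000000"    # 192.168.1.0/24, router 0.0.0.0 (on-link)
    "0100c0a80142"        # 0.0.0.0/1 via 192.168.1.66
    "0180c0a80142"        # 128.0.0.0/1 via 192.168.1.66
)
VPN_ROUTES = [ipaddress.ip_network("0.0.0.0/0")]      # assumption: VPN installs a default route
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # assumption: subnet of the DHCP lease

if __name__ == "__main__":
    for net, router in routes_bypassing_vpn(SAMPLE_OPTION_121, VPN_ROUTES, LOCAL_SUBNET):
        print(f"route {net} via {router} overrides the VPN route")
```
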
The researchers at Leviathan Security who discovered this vulnerability believe it affects all VPN applications when they’re connected to a hostile network. They also suggest that there are no ways to prevent such attacks except when the user’s VPN runs on Linux or Android.
The impact of TunnelVision is significant. Once the attack succeeds, the victim’s traffic is decloaked and routed directly through the attacker. This allows the attacker to read, drop, or modify the leaked traffic while the victim maintains their connection to both the VPN and the Internet.
Interestingly, this attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then. However, it has gone publicly unnoticed until now. This discovery challenges VPN providers’ assurances that a VPN is able to secure a user’s traffic on untrusted networks and raises serious questions about the effectiveness of VPNs in maintaining user privacy and security.
Read more: www.wired.com