VPN Users Beware: TunnelCrack Vulnerabilities Pose Privacy Threat
In a recent revelation, cybersecurity researchers have identified a series of vulnerabilities collectively known as TunnelCrack that could potentially jeopardize the privacy and security of VPN users.
A team of academics from renowned institutions like New York University and KU Leuven demonstrated these vulnerabilities.They primarily focused on the potential loopholes in extensively used VPN systems. The findings indicate that almost all VPN products on the market are susceptible to exploitation under specific conditions. This raises concerns about how effective VPNs prove to be in securing online activities.
The researchers scrutinized more than 60 VPN clients as they delved into the vulnerabilities in their Usenix-accepted paper.
It was revealed that all VPN applications on iOS devices were susceptible to the threat. Android devices, on the other hand, offered higher resistance to these threats.
The Two Attach Mechanisms: Localnet And Server IPThe researchers further identified two primary attack mechanisms: LocalNet and ServerIP. Malicious players use these two techniques to exploit VPN traffic routing and network configurations. In the process, they reroute encrypted traffic outside the secure VPN network.
In the case of the LocalNet attack, the victim is required to connect to a compromised network. This allows online miscreants to manipulate the routing of their traffic.
One of the researchers explained how the attack works, stating, Most VPNs allow direct access to the local network while using the VPN". Therefore, the victim's connection is likely to fall into the hands of the attackers rather than traveling through the VPN tunnel.
On the other hand, the ServerIP attack involves manipulating DNS responses to redirect traffic intended for the VPN server to another IP address.
As a result of this reconfiguration, traffic has to bypass the VPN tunnel, thereby being exposed to potential interception or modification. The vulnerabilities are associated with incorrect exclusions and routing configurations present in VPN clients.
VPN Vendors Respond To Research FindingsIn the wake of the research findings, several VPN vendors have responded to the adverse potential. While Cisco has already issued advisories regarding affected VPN clients, Mullvad is working on addressing the issue in its iOS app. On the other hand, ExpressVPN has come up with a fix for its iOS app. It has also notified its users regarding the potential online adversary.
Nord Security is currently countering the vulnerabilities in its macOS and iOS VPN clients. They further noted that when routers use non-RFC1918 IP addresses, VPN leaks can take place. While these cases are rare, they can affect the entire industry.
IKEv2/IPSec protocol support on our apps, discontinued support for iOS versions older than 14.2, and implemented the Invisibility on LAN' feature for macOS users, successfully securing their VPN connections.Nord SecurityNaturally, VPN users are concerned with their security and privacy. Cybersecurity experts recommend a few actions to counter these threats. At the outset, users need to get their VPNs to the latest versions. This is because many providers have already patched up the security loopholes through subsequent updates.
Using a secure DNS service can bolster security against the ServerIP attack.Besides, adjusting and reviewing the VPN client settings to restrict local network access and routing can strengthen security.
On the other hand, corporate VPN administrators need to test their security systems thoroughly to identify vulnerabilities.
Accordingly, they should request necessary updates from their respective providers. Incorporating strict firewall rules would allow specific local network activities, further mitigating the possibility of attacks.
The post VPN Users Beware: TunnelCrack Vulnerabilities Pose Privacy Threat appeared first on The Tech Report.