AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Critical VPN flaw discovered: the TunnelVision attack

A new type of DHCP attack threatens the security of VPN networks by exposing user data

Researchers have discovered a vulnerability, called TunnelVision, in VPNs that allows data to be diverted and intercepted using the DHCP protocol. They recommend using personal hotspots and virtual machines to protect yourself.

This pill is also available in Italian language

Researchers at Leviathan Security Group have highlighted a major vulnerability in VPNs that could undermine their security. The attack, called TunnelVision (CVE-2024-3661), exploits a feature of the DHCP protocol that has existed since 2002. This option, originally intended to facilitate network configuration, allows hackers to divert data traffic from a VPN connection out of its encrypted tunnel, thus making it possible to intercept the information transmitted.

The technical functioning of the TunnelVision attack

The attack exploits DHCP option 121, which allows the addition of static routes in network clients. Experts have shown that by creating a dummy DHCP server in the same network as the target, it is possible to redirect VPN traffic to a gateway under the attackers' control. Although the VPN system still indicates that the connection is secure, in reality some or all of the user's traffic is routed outside the encrypted tunnel.

Operating systems at risk and possible mitigations

This research shows that all operating systems, except Android, are susceptible to this attack. Android is immune because it does not support DHCP option 121. For Linux users, there is a possible mitigation, although it introduces a potential back channel that could be exploited for denial of service (DoS) attacks. This scenario poses a particular threat in public network environments, such as airports or cafes, where the use of VPN networks is frequent to protect the transmission of sensitive data.

Recommendations for protection from TunnelVision

In response to this vulnerability, Leviathan Security Group suggests some defense strategies. One approach is to use personal hotspots, which create a secure LAN with authentication. Another security measure is to use virtual machines with direct network configurations, which isolate network traffic in a more controlled manner. Both solutions are aimed at preventing unwanted access to data traffic through potentially compromised networks.

Follow us on Telegram for more pills like this

05/08/2024 19:40

Marco Verro

Last pills

Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threats

CrowdStrike: how a security update crippled the tech worldGlobal impact of a security update on banking, transportation and cloud services: what happened and how the crisis is being addressed

Checkmate the criminal networks: the Interpol operation that reveals the invisibleFind out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documents

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report