Techly NewsGet the app

Get the latest tech news

Attackers can decloak routing-based VPNs


We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.

To help make this work accessible to as many people as possible, we are structuring this blog post to walk through the fundamentals of networking, VPN technology, and DHCP to fully explain the decloaking behavior. For example, a user can trust that the layers lower than their browser (HTTP) are determining how to send electricity over a cable (Coax), knows who to talk to (Ethernet, IP), and ensure correct data delivery to the recipient server (TCP). The main concept to understand is that DHCP provides a time-based lease for IP addresses, and it contains many additional features called options that allow you to adjust the configuration of devices remotely and dynamically.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of attackers

attackers

Photo of Based VPNs

Based VPNs

Photo of Routing

Routing

Related news:

News photo

Attackers spread backdoor via eScan antivirus software update process

News photo

MITRE admits 'nation state' attackers touched its NERVE R&D operation

News photo

MiTM phishing attack can let attackers unlock and steal a Tesla

« Semiconductor digital twins to sip $285M from America's CHIPS Act funding pool
TOTP Authenticator for PalmOS »