Techly NewsGet the app

Get the latest tech news

Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose


Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems....

A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of novel attack

novel attack

Photo of VPN apps

VPN apps

Photo of entire purpose

entire purpose

Related news:

News photo

Novel attack against virtually all VPN apps neuters their entire purpose

News photo

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology

« This year’s Met Gala theme is AI deepfakes