A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network.) can result in a VPN user believing their connection is properly secured, and being routed through an encrypted tunnel as usual, while an attacker on their network has instead redirected their connections so that it can be potentially inspected.
Anyone who is able to operate a DHCP server on the same network as someone using a VPN, and get that VPN client's machine to use that DHCP server, can decloak their traffic because of a particular feature in the configuration protocol: optionThe targeted host must accept a DHCP lease from the attacker-controlled server.Said DHCP server could be on a public network, such as some airport or hotel Wi-Fi.
3. ARP spoofing to intercept traffic between the true DHCP server and client, then waiting for a client to renew their lease. "Most users who use commercial VPNs are sending web traffic which is mostly HTTPS," as Leviathan's Dani Cronce and Lizzie Moratti put it."HTTPS traffic looks like gibberish to attackers using TunnelVision. But they know who you are sending that gibberish to which can be an issue."
So, what can be done to protect VPN users, who are seeming quite vulnerable in light of this discovery? That's tricky.
Domain Domain Latest News, Domain Domain Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: TheRegister - 🏆 67. / 61 Read more »