Many top VPN apps can be hacked and almost totally ruined by this attack

The findings on the flaw, named TunnelVision, were published in a blog post, which also states that so far, there is no straightforward solution to the problem. It further claims that the vulnerability existed since at least 2002, and is highly likely that hackers found it, and abused it in the wild, already.

TunnelVision

As per the blog post, if the attacker has control over the network the victim is connecting to, they can configure the DHCP server that allocates IP addresses. Malicious entities connecting as unprivileged users can set up their own DHCP server, as well, to the same result. 

This feature is called “option 121”, and allows the server to gain priority over the default routing rules that send VPN traffic through a local IP address that triggers the encrypted tunnel. Consequently, all of the traveling data is going to the DHCP server itself, won’t be encrypted by the VPN, and will be viewable to the attacker. 

VPN apps running on the majority of popular operating systems these days are all vulnerable, the researchers said. They’ve observed one mitigation, and seen a fix on Linux. However, the mitigation opens up the possibility of a side-channel attack, which is a major vulnerability in its own right.

Removing support for DHCP is not the solution either, “because this could break Internet connectivity in some legitimate cases,” they added. “The strongest recommendation we have is for VPN providers to implement network namespaces on operating systems that support them,” the researchers concluded. Android is the only OS unaffected by this flaw since it doesn’t implement option 121 to begin with.

More from TechRadar Pro

• Yet another Ivanti VPN critical security flaw is being exploited, so patch now
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now