TunnelVision: The New VPN Bypass Technique Exposing Users to Surveillance

May 9, 2024 | News





Researchers at Leviathan Security Group have disclosed a technique, dubbed TunnelVision, that lets an attacker on the same local network steer a victim’s traffic around the VPN tunnel and intercept it. The attack does not break the VPN’s encryption; it abuses a legitimate feature of DHCP (Dynamic Host Configuration Protocol) so that the traffic never enters the tunnel in the first place.

The issue, tracked as CVE-2024-3661, is a consequence of DHCP’s design: the protocol has no authentication, and option 121 (classless static routes, defined in RFC 3442) lets any DHCP server install arbitrary routes in the client’s routing table. Because those routes can be more specific than the ones the VPN client installs, the operating system’s longest-prefix-match routing sends matching traffic out of the physical interface, through the attacker’s gateway, before the VPN software ever sees it. That traffic is never encrypted, so it is exposed to surveillance and tampering.

To pull this off, the attacker has to answer the victim’s DHCP requests. On a shared network this can be done by running a rogue DHCP server and winning the race against the legitimate one, by exhausting the legitimate server’s address pool (DHCP starvation) so that only the rogue offers are accepted, or by ARP spoofing to impersonate it. The rogue server hands out option 121 routes that name the attacker’s machine as the gateway, so the victim’s traffic passes through it in the clear, a process Leviathan calls “decloaking.”

The VPN’s control channel stays up for the whole duration of the attack, so the VPN client keeps reporting a healthy connection and the victim has no visible indication that anything is wrong.


Notably, the attack is not tied to any particular VPN provider, protocol or implementation: any VPN that relies on the host’s IP routing table to send traffic into the tunnel is affected, which makes the exposure widespread.

Although it has only now been documented, Leviathan notes that the behaviour TunnelVision relies on has been part of DHCP since option 121 was standardised in 2002, and may already have been used by threat actors in the past.

As a fix, Leviathan urges VPN providers to use network namespaces on operating systems that support them (Linux), so that the VPN’s interface and routing table are isolated from whatever the local DHCP server pushes. Other mitigations include firewall rules that drop all traffic leaving a physical interface except traffic to the VPN server itself; configuring the DHCP client to ignore option 121 (at the cost of losing legitimate static routes; Android, which does not implement option 121, is not affected); routing through a personal hotspot, or running the VPN inside a virtual machine whose network adapter is not in bridged mode; and avoiding untrusted networks altogether.
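To make the mechanism described above concrete, and to give a check for the mitigations just listed, here is an added example. It is not Leviathan’s proof of concept and not part of the original article. It decodes an RFC 3442 option 121 payload the way a DHCP client would, installs the routes alongside a typical full-tunnel VPN routing table, and runs a longest-prefix-match lookup to show that traffic which used to enter tun0 now leaves eth0 via the attacker’s gateway. All addresses are constructed: 192.168.1.1 is the LAN gateway, 192.168.1.254 the attacker, 203.0.113.10 the VPN server, and 8.8.8.8 and 1.1.1.1 are probe destinations. The `leaks()` function is the kind of audit a firewall-rule or ignore-option-121 mitigation should make come back empty.

```python
"""Simulate TunnelVision: DHCP option 121 routes versus a VPN's routing table.

Added example, not Leviathan's proof of concept. All addresses are constructed:
192.168.1.1 is the real LAN gateway, 192.168.1.254 the attacker's machine,
203.0.113.10 the VPN server, 8.8.8.8 and 1.1.1.1 probe destinations.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

VPN_SERVER = "203.0.113.10"   # constructed
LAN_GW = "192.168.1.1"        # constructed
ATTACKER = "192.168.1.254"    # constructed


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str   # next hop; "" means on-link
    iface: str


def decode_option121(payload: bytes, iface: str) -> list[Route]:
    """Decode RFC 3442 classless static routes (DHCP option 121).

    Each entry is: one byte of prefix length, ceil(len/8) significant
    destination octets, then four octets of router address.
    """
    routes: list[Route] = []
    i = 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen}")
        n = (plen + 7) // 8
        sig = payload[i + 1:i + 1 + n]
        gw = payload[i + 1 + n:i + 5 + n]
        if len(sig) != n or len(gw) != 4:
            raise ValueError("truncated option 121 entry")
        net = ipaddress.IPv4Network((sig + bytes(4 - n), plen), strict=False)
        routes.append(Route(net, str(ipaddress.IPv4Address(gw)), iface))
        i += 5 + n
    return routes


def vpn_routing_table() -> list[Route]:
    """Typical host table after a full-tunnel VPN has come up over eth0."""
    n = ipaddress.IPv4Network
    return [
        Route(n("0.0.0.0/0"), LAN_GW, "eth0"),         # default route learned via DHCP
        Route(n("192.168.1.0/24"), "", "eth0"),        # on-link LAN
        Route(n(f"{VPN_SERVER}/32"), LAN_GW, "eth0"),  # tunnel endpoint must bypass tun0
        Route(n("0.0.0.0/1"), "", "tun0"),             # the VPN's two /1 routes out-rank the /0,
        Route(n("128.0.0.0/1"), "", "tun0"),           # so everything else enters the tunnel
    ]


def lookup(table: list[Route], dst: str) -> Route:
    """Longest-prefix match, as the kernel's forwarding decision does.
    Ties go to the earliest entry (a stand-in for route metrics)."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def leaks(table: list[Route], targets: list[str]) -> list[str]:
    """Destinations whose traffic would leave a physical interface in the clear.
    Traffic to the VPN server itself and on-link LAN traffic legitimately bypass tun0."""
    out = []
    for t in targets:
        r = lookup(table, t)
        if r.iface == "tun0" or t == VPN_SERVER or r.gateway == "":
            continue
        out.append(t)
    return out


# Constructed rogue DHCP option 121 payload. The first entry keeps the host online
# (per RFC 3442 a client that receives option 121 ignores option 3, so a default
# route must be supplied). The four /2 routes together cover all of IPv4 and are
# more specific than the VPN's /1 routes, so they win longest-prefix match.
ROGUE_OPTION_121 = bytes.fromhex(
    "00" "c0a80101"       # 0.0.0.0/0   via 192.168.1.1 (the real gateway)
    "02" "00" "c0a801fe"  # 0.0.0.0/2   via 192.168.1.254 (attacker)
    "02" "40" "c0a801fe"  # 64.0.0.0/2  via attacker
    "02" "80" "c0a801fe"  # 128.0.0.0/2 via attacker
    "02" "c0" "c0a801fe"  # 192.0.0.0/2 via attacker
)


def apply_option121(table: list[Route], payload: bytes, iface: str = "eth0") -> list[Route]:
    """What a DHCP client does on lease or renewal: install the pushed routes on that interface."""
    return table + decode_option121(payload, iface)


if __name__ == "__main__":
    probes = ["8.8.8.8", "1.1.1.1", VPN_SERVER, "192.168.1.50"]
    before = vpn_routing_table()
    after = apply_option121(before, ROGUE_OPTION_121)
    for name, table in (("before", before), ("after", after)):
        for p in probes:
            r = lookup(table, p)
            print(f"{name}: {p:>14} -> {r.iface} via {r.gateway or 'on-link'}")
    print("decloaked:", leaks(after, probes))
```

Note that the VPN server’s own /32 and the on-link LAN route still win after the attack, which is exactly why the tunnel stays up: the encrypted control channel is unaffected while everything that should have gone into it is now routed to 192.168.1.254. The simulation models only the routing decision; real clients also weigh route metrics, which is the tie the attacker avoids by pushing more specific prefixes.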




Watch the proof-of-concept video released by Leviathan Security:


Because there are far too many VPN vendors to notify one by one, Leviathan Security opted for broad public disclosure and worked with organisations such as the EFF and CISA to distribute the findings and coordinate mitigation.


Source: securityaffairs.com

