pull down to refresh

139 sats \ 1 reply \ @kepford 7 May
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.
VPNs have many purposes. If true, this negates one use. Using an untrusted network where a hostel actor is using this attack. And you are not on Linux or Android. Kinda sensationalized title but it is a big deal.
Apple and Windows have had issues with their VPNs in the past. Not the first time someone has found a hole.
reply
This advice from the researchers is the best advice.
Do not use untrusted networks if you need absolute confidentiality of your traffic
reply
1185 sats \ 0 replies \ @nullama 7 May
The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device.
Note that it requires the attacker to be connected to the network where you are connected to be able to run their own DHCP server. So, basically no effect to your home network.
reply
166 sats \ 1 reply \ @_vnprc 7 May
Title
virtually all VPNs
body
except when the user's VPN runs on Linux or Android
these editors really do be trippin'
reply
0 sats \ 0 replies \ @xz 7 May
Finding that vpns invariably run much better on Linux
reply
This is good information. Thanks!
reply
If an attacker got into your local network you are already screwed.
reply
11 sats \ 0 replies \ @ACYK 7 May
This makes you feel less comfortable with VPN use at an AirBnB or a coffee shop though.
reply
1 sat \ 13 replies \ @OT 7 May
“Except on Linux and Android”
reply
64 sats \ 2 replies \ @Lumor 7 May
Linux is still slightly vulnerable according to the article.
reply
10 sats \ 1 reply \ @siggy47 7 May
Yes. Do you know of a source to explain how to close the vulnerability?
reply
172 sats \ 0 replies \ @Lumor 7 May
Using network namespaces on Linux can completely fix this behavior. However, in our experience, it is less commonly implemented.
WireGuard’s documentation shows how it’s possible to use a namespace for all applications with traffic that should be using a VPN before sending it to another namespace that contains a physical interface. However, this appears to be Linux-specific functionality and it’s not clear if there is a solution for Windows, MacOS, or other operating systems with the same amount of robustness.
Guess we'll have to see how the attack applies to different VPN providers. Maybe 1-2 do use namespaces.
Initially I thought this was more of a threat on mobile networks (I guess not Android) or when using public WiFi. If one has control over one's home router doing the DHCP it shouldn't be an issue. But what are our home router talking to? A DHCP server of our internet provider. I'm not sure whether these 121 configurations can pass multiple hops, have not investigated further.
reply
I have to ask: who the hell is not using Linux and android?
reply
Most people. I would say most stackers even.
reply
Yeah. I guess you're right. I forget that everyone doesn't despise Apple as much as I do. I assume a solution will be available soon.
reply
You are rare Siggy. Don't forget that.
reply
55 sats \ 1 reply \ @siggy47 7 May
Yeah, my family says that too, but in an entirely different context.
reply
I think I understand. I've never fit in. I know the feeling. At least my friends and family like me.
reply
There's also this company called Microsoft you may have heard about. I hear their software is kinda popular.
reply
Was that one founded by the guy who's going to save the world?
reply
I think you're thinking of Microstrategy. Similar name but different software.
reply
Similar egos, though? No?
So is it still safe to use a vpn? I use one constantly..
reply
So, the VPNs are no longer relevant?
reply
140 sats \ 1 reply \ @nullama 7 May
This is a hypothetical case in which the attacker has control of the network where they can run their own DHCP server.
Android is immune to this attack, and in Linux it can be setup to mitigate this risk.
reply
run their own DHCP
like in the case of NSL'd provider?
reply
No. They still are. I hate titles like this. On Android you are unaffected. This is only an issue on untrusted networks. I suspect it will be fixed in the future as well.
reply
Yes, I agree.
reply