Security researchers at Leviathan Security Group have discovered a vulnerability that could, in principle, render all VPN solutions obsolete. The leak has been dubbed Tunnelvision and it fundamentally defeats the entire purpose of virtual private networks (VPNs) — encrypting the traffic in the tunnel and hiding the user's IP address — according to Arstechnica. He writes.
According to researchers, the leak has been around since 2002 – so it's reasonable to assume that it has been exploited by cybercriminals for some time. It is difficult to overcome the problem except using Linux or Android distributions. The researchers show the attack in a video presentation (see below). With Tunnelvision, after a victim accesses a malicious website via a VPN, the entire traffic can be read and modified without disconnecting the user from the Internet or VPN connection. The victim does not notice that traffic still marked “secure” is being read. The attack is carried out via a tampered DHCP server, and is the entire research work of Leviuathan It can be found here.
According to the researchers, there are basically two ways to get around the problem: First, a VPN tunnel can be started from a virtual machine whose network adapter is not in bridge mode. The second option works over the previously mentioned Android system and is secured against attack by default: if its Internet connection (mobile hotspot) is used, the VPN tunnel cannot be hacked either. (Wins)
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”
More Stories
Billionaire wants to save space telescope – NASA is skeptical
“Lian Li’s infinity mirror effect is really amazing.”
Say goodbye to Windows: Manjaro Linux as a perfect alternative