The Wayne ([personal profile] thewayne) wrote 2024-05-12 11:04 am

Major VPN vulnerability found, it's been around for over 20 years

Because of the age of the vulnerability, there's a good chance that it /may/ have been used in the wild. However, it's not an easy attack to implement. It's more suited for non-home networks as it requires inserting a second DHCP server into the network and implementing a DHCP Option 121, which lets you divert non-encrypted VPN traffic onto the network of your choice. You receive the clear traffic, the person on the VPN sees their traffic as still being on the VPN.

Very interesting!

Even more interesting, Android is the only OS immune to it! Baked into its DHCP system, it ignores changes to its option 121, so it cannot be spoofed in this manner. Linux, Windows, macOS, iOS are all potentially vulnerable. Linux users/admins can avoid this apparently by using Network Namespaces; I know nothing about this as I'm pretty minimally fluent when it comes to *nix.

To install an additional DHCP server, you need a proverbial evil admin, and it's probably going to be tricky to hide a second DHCP server from network audits. For home users, unless your WiFi router has been compromised, I don't think there's anything to worry about.

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
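
For defenders who want to see what a DHCP server is pushing, here is an added example (not from the post or the linked article) that decodes an Option 121 payload using the RFC 3442 classless static route encoding and flags routes that would take precedence over a VPN's tunnel route through longest-prefix matching. The function names, the sample payload and the VPN route lists are constructed for illustration.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode an RFC 3442 payload into (destination network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8  # only the significant destination octets are sent
        end = i + 1 + n + 4  # length byte + destination octets + 4-byte router
        if end > len(data):
            raise ValueError("truncated option 121 payload")
        dest = int.from_bytes(data[i + 1:i + 1 + n] + bytes(4 - n), "big")
        net = ipaddress.ip_network((dest, plen), strict=False)
        router = ipaddress.ip_address(data[i + 1 + n:end])
        routes.append((net, router))
        i = end
    return routes

def routes_overriding_vpn(routes, vpn_routes):
    """Return pushed routes that are more specific than a VPN route covering them.

    Longest-prefix matching prefers these over the tunnel route, so traffic
    to those destinations would leave via the DHCP-supplied router instead.
    """
    return [(net, router) for net, router in routes
            if any(net.prefixlen > v.prefixlen and net.subnet_of(v)
                   for v in vpn_routes)]

# Constructed sample payload (documentation/private addresses only):
#   10.1.0.0/16 via 192.0.2.1, 198.51.100.0/24 via 192.0.2.254
SAMPLE = bytes.fromhex("100a01c0000201" "18c63364c00002fe")
FULL_TUNNEL = [ipaddress.ip_network("0.0.0.0/0")]    # assumed VPN route
SPLIT_TUNNEL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed VPN route

if __name__ == "__main__":
    for net, router in routes_overriding_vpn(parse_option_121(SAMPLE), FULL_TUNNEL):
        print(f"option 121 route {net} via {router} would bypass the tunnel")
```

The payload bytes can be taken from a packet capture of the DHCP offer or ACK; a route flagged here is worth comparing against what the network's legitimate DHCP server is configured to hand out.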

[personal profile] rain_gryphon 2024-05-12 07:39 pm (UTC)
How very novel! I agree that it would be difficult to conceal, though, which limits its usability.

[personal profile] disneydream06 2024-05-13 07:54 am (UTC)
Can I just surrender now and get it over with? :o :o :o
Hugs, Jon

[personal profile] silveradept 2024-05-17 06:47 pm (UTC)
That's an interesting way of doing it. And probably why so many VPNs have in their configuration and other instructions to make sure that all traffic is routed through the VPN, so as to prevent leaks and possibly also to guard against this particular idea of sniffing the un-tunneled traffic.