May. 12th, 2024

thewayne: (Default)
Because of the age of the vulnerability, there's a good chance that it /may/ have been used in the wild. However, it's not an easy attack to implement. It's more suited for non-home networks as it requires inserting a second DHCP server into the network and implementing a DHCP Option 121, which lets you divert non-encrypted VPN traffic onto the network of your choice. You receive the clear traffic, the person on the VPN sees their traffic as still being on the VPN.

Very interesting!

Even more interesting, Android is the only OS immune to it! Baked in to its DHCP system, it ignores changes to its option 121, so it cannot be spoofed in this manner. Linux, Windows, MacOS, iOS are all potentially vulnerable. Linux users/admins can avoid this apparently by using Network Namespaces, I know nothing about this as I'm pretty minimally fluent when it comes to *nix.

To install an additional DHCP server, you need a proverbial evil admin, and it's probably going to be tricky to hide a second DHCP server from network audits. For home users, unless your WiFi router has been compromised, I don't think there's anything to worry about.

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

August 2025

S M T W T F S
     12
34 56789
10111213 141516
17181920212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 19th, 2025 04:54 am
Powered by Dreamwidth Studios