Please note that the attack can only be carried out if the local network itself is compromised.
Your local network is compromised?
To be fair if you used it on a public network like an airport or restaurant.. yeah
Yeah, it’s kind of incredible the responses I see to this story that are like “bro if they got as far as planting a rogue DHCP server on your network you were already owned anyway, yawn”
Like, you do realize people use VPNs over unsecured WiFi all the time right? That’s one of the primary use cases. You can’t guarantee every network hasn’t been compromised.
Armchair netsec quarterbacks need to get out more.
If I learned one thing from TunnelVision, it's how blindly people are operating right now. If you open a VPN tunnel, also ensure traffic is actually routed through it, especially if you don't control the network. Adding a tunnel on top of the insecure network also does not protect your client from other malicious clients on that network. I feel like people have seen one too many VPN snake oil salesman on social media.
I've been on this pedestal for years. Pop security YouTube has been overtly preying on rubes to sell shady VPN services for a decade now and it's super cringe. There is no magic bullet to cyber security and it takes real effort and knowledge to be safe.
"you don't want hackers getting your IP address!"
VPN marketing is a problem.
I am skeptical of this being viable on public Wi-Fi tbh. You'd need to know ahead of time which VPN servers the target will attempt to contact, some information about the target ahead of time, and you need to DHCP poison the entire network prior to the target connecting. That would effectively bring down the network for all but two hosts - the attacker and target.
I mean at that point, you can also just repeatedly deauth the target until it connects to your spoofed network and do whatever you want, and it would be way less obvious to an outside observer.
I think it's because lot of us have been just kind of over-exposed to things like this. It's like, yes, I'd imagine you could do a lot of interesting stuff if you've already compromised everything else first, thanks pen test. This one is not quite at that level, but I think we're all just exhausted with similar ones, ya know.
You will likely never run into any circumstances where the only option you have is to use public WiFi. You don’t even need to use WiFi at all to tether your phone to a PC, the charging cable will allow you to share your mobile data.
The exploit is possible because the local network may have a rogue DHCP server overwriting IP routes. If you're on a mobile network, they are the local network. TunnelVision means a mobile carrier can spy on your VPN traffic now. Unless you run Android.
Right, which is why most jobs use SSH to access remote data, especially any jobs in the tech sector. VPNs hide your geolocation, they don’t make your data private. This idea that VPNs are some kind of privacy tool is propaganda by VPN companies. You don’t need a VPN except in very specific situations, and any other time you’re just slowing down your connection.
I'm a bit confused how this is considered a new vulnerability. The IETF RFC which proposes option 121 literally states that malicious DHCP servers could be used to redirect traffic to malicious hosts, and I'm fairly confident that we learned about this exact thing in CCNA school in like 2003 (with regards to router configuration security).
I suppose the application to a VPN attack might be relatively novel?
I think the new thing is that VPN usage is fairly mainstream now. There are lots of services that advertise themselves as having the ability to hide all traffic. It's certainly news to me, as I hadn't even heard of a VPN in 2003. The researchers do say that this has been possible since 2002.
I thought that it doesn't affect linux and android.
It doesn't affect Android and Linux is the only OS with the possibility of a fix. I've seen people suppose that Android just always ignores option 121. My guess for Linux is that, because system level changes are allowed, you can modify the system to ignore option 121.
I'm not a network engineer, so I do not know this for sure. Does anyone else know more about it?
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world