How DHCP manipulation allows hackers to intercept all encrypted traffic.
Researchers at Leviathan Security discovered a major security threat affecting virtually all Virtual Private Network (VPN) applications.
The attack, dubbed "TunnelVision" and identified as CVE-2024-3661 (CVSS: 7.6 out of 10), allows hackers to intercept and modify traffic that should be transmitted through a secure encrypted tunnel. This method puts at risk one of the key functions of a VPN: hiding the user's IP address and protecting their data from wiretapping.
The attack relies on manipulating the DHCP server, which assigns IP addresses to devices connecting to the local network. Using a setting known as "option 121," an attacker can redirect VPN traffic through their server, allowing them to intercept the transmitted data.
Leviathan Security experts have confirmed that this approach allows them to set arbitrary routes in the user's routing table, bypassing the encrypted VPN tunnel. They even posted a video showing the attack.
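A defender who has captured a DHCP reply can inspect the routes it tries to install. The following Python code is an added example, not code from Leviathan Security or from this article: it decodes an option 121 payload using the RFC 3442 classless static route encoding and lists routes that point outside the leased subnet. The function names, the sample bytes and the "outside the leased subnet" review policy are assumptions made for illustration.

```python
import ipaddress

def parse_option_121(payload: bytes):
    """Decode an RFC 3442 classless static route list.

    Each entry is: 1 byte prefix length, the significant octets of the
    destination (ceil(prefix/8) bytes), then a 4-byte router address.
    """
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8                      # significant destination octets
        end = i + 1 + n + 4
        if end > len(payload):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = payload[i + 1:i + 1 + n] + bytes(4 - n)   # pad to 4 octets
        net = ipaddress.IPv4Network((int.from_bytes(dest, "big"), plen),
                                    strict=False)
        routes.append((net, ipaddress.IPv4Address(payload[i + 1 + n:end])))
        i = end
    return routes

def routes_leaving_subnet(payload: bytes, leased_subnet: str):
    """Return routes whose destination is not inside the leased subnet.

    Assumed policy: a DHCP server on an untrusted network has no reason to
    hand out routes for destinations beyond its own subnet, so each such
    route deserves review before trusting the VPN tunnel.
    """
    local = ipaddress.IPv4Network(leased_subnet)
    return [(net, gw) for net, gw in parse_option_121(payload)
            if not net.subnet_of(local)]

# Constructed sample payload (not captured traffic):
#   192.168.1.0/24 on-link, 203.0.113.0/24 and 10.0.0.0/8 via 192.168.1.50
SAMPLE_OPTION_121 = bytes([
    24, 192, 168, 1, 0, 0, 0, 0,
    24, 203, 0, 113, 192, 168, 1, 50,
    8, 10, 192, 168, 1, 50,
])

if __name__ == "__main__":
    for net, gw in routes_leaving_subnet(SAMPLE_OPTION_121, "192.168.1.0/24"):
        print(f"review: {net} via {gw}")
```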
The attack affects all operating systems (except Android, which does not use option 121), presenting special risks for users connecting to networks over which they do not have administrative control. For example, an attacker with administrative rights inside the network can configure the DHCP server to initiate such an attack.
The insidious nature of the attack is that the VPN client will still tell the user that all data is being transmitted over a secure connection, when in reality this is not the case at all. Any traffic redirected out of a compromised tunnel is not encrypted in any way and belongs to the network that the user is actually connected to, not the one specified by the VPN client.
At the moment, there is no complete solution to the problem. Some measures, such as setting up network firewalls, can help limit incoming and outgoing traffic, but they don't solve the problem completely. Alternative methods include using a VPN inside a VM or connecting via a mobile device access point.
The Leviathan Security study highlights the importance of choosing and using network technologies carefully, especially in public or untrusted networks. Users should be aware of the potential risks and never blindly trust VPN services and various anonymizers, as sometimes such trust can end extremely badly.