A Belgian cybersecurity expert known for uncovering vulnerabilities like the KRACK attack on WPA and WPA2 has developed a new method that exposes a concerning threat to VPN users. Named TunnelCrack, this method allows sensitive VPN traffic to escape the confines of the protective tunnel, posing a severe risk. Vulnerabilities in VPN solutions primarily affect iOS and macOS VPNs, with Windows also being susceptible. Interestingly, Android VPN apps are relatively safer, but around a quarter of them are still vulnerable to TunnelCrack.

TunnelCrack exploits two principal vulnerabilities: the LocalNet and ServerIP attacks. These vulnerabilities come into play when a VPN user connects to an unsecured Wi-Fi network. However, malicious internet providers can also exploit the server IP attack. By manipulating the routing table of the target, these attacks divert the victim’s traffic away from the secure VPN tunnel, allowing attackers to intercept and analyze the exposed data.

In the ServerIP attack scenario, the absence of encryption for VPN traffic to the VPN server’s IP address is a weak link. This lack of encryption is intentional, preventing the need for data packet re-encryption. Exploiting this, an attacker can falsify a DNS reply for the VPN server, tricking the victim into adding a routing rule featuring a fake IP address. This reroutes the victim’s traffic outside the tunnel, bypassing its protection.

To counter the LocalNet attack, users can disable local network traffic. However, not all VPN clients offer this option. While this strategy enhances security, it might render legitimate local network activities, such as printing or streaming, inaccessible when the VPN is active. Mitigating the ServerIP attack requires a different approach: policy-based routing, which considers factors beyond the destination IP address for routing decisions.

Efforts have been made to address these vulnerabilities proactively. VPN providers were alerted in advance, giving them time to develop and release updates. Leading the way are Mozilla VPN, Surfshark, Malwarebytes, Windscribe, and Cloudflare’s WARP, all of which have released patches to address these vulnerabilities. For users of VPN apps without patches, it’s recommended to disable local network access and, when possible, opt for websites offered through the secure HTTPS protocol. Cisco has issued an advisory acknowledging the vulnerabilities in various VPN products and their susceptibility to these exploits.

Categorized in:

Security News,

Last Update: August 9, 2023

Star Gazer on Remove Bluestepcherry.com (virus removal guide)
Good guide on removing the Bluestepcherry.com virus. I was looking for something like this.
TechNovice on Remove Bindszone.club (virus removal guide)
I had no idea about Bindszone.club. Now I know how to deal with it, thanks!
Earth Lover on Remove Bluestepcherry.com (virus removal guide)
Didn't realize how harmful this site could be. Informative read!
Blue_Sky on Remove Mobility-search.com browser hijacker virus
I didn't realize Mobility-search.com was so intrusive. Thanks for the detailed steps on removing it.

TunnelCrack Attack: Potential Leakage of VPN User Traffic

About the Author

Max Reisler

About the Author

Max Reisler

Related Articles

Microsoft Patches Two Critical Vulnerabilities in Hyper-V During March Patch Tuesday

Apple Under Fire for Limiting Web App Distribution to Top Developers

Russian-Canadian Man Sentenced for LockBit Ransomware Attacks

Ledger Users Lose Hundreds of Thousands in Crypto to Phishing Attack