Malware Guide

    TunnelCrack Attack: Potential Leakage of VPN User Traffic

    By Maxim, August 9, 2023

    A Belgian cybersecurity expert known for uncovering vulnerabilities like the KRACK attack on WPA and WPA2 has developed a new method that exposes a concerning threat to VPN users. Named TunnelCrack, this method allows sensitive VPN traffic to escape the confines of the protective tunnel, posing a severe risk. Vulnerabilities in VPN solutions primarily affect iOS and macOS VPNs, with Windows also being susceptible. Interestingly, Android VPN apps are relatively safer, but around a quarter of them are still vulnerable to TunnelCrack.

    TunnelCrack exploits two principal vulnerabilities: the LocalNet and ServerIP attacks. These vulnerabilities come into play when a VPN user connects to an unsecured Wi-Fi network. However, malicious internet providers can also exploit the ServerIP attack. By manipulating the routing table of the target, these attacks divert the victim’s traffic away from the secure VPN tunnel, allowing attackers to intercept and analyze the exposed data.

    In the ServerIP attack scenario, the weak link is that VPN traffic to the VPN server’s IP address is not encrypted. This lack of encryption is intentional: it avoids the need to re-encrypt data packets. Exploiting this, an attacker can falsify a DNS reply for the VPN server, tricking the victim into adding a routing rule containing a fake IP address. This reroutes the victim’s traffic outside the tunnel, bypassing its protection.

    To counter the LocalNet attack, users can disable local network traffic. However, not all VPN clients offer this option. While this strategy enhances security, it might render legitimate local network activities, such as printing or streaming, inaccessible when the VPN is active. Mitigating the ServerIP attack requires a different approach: policy-based routing, which considers factors beyond the destination IP address for routing decisions.
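
The routing-table effect described above can be checked from the defender's side. The following Python example is added here and is not code from the article, the researcher or any VPN vendor; it audits a routing table for routes that send traffic outside the tunnel and is a detection check, not the policy-based routing fix. The interface names `tun0` and `wlan0`, all addresses, and the idea of a "pinned" server IP taken from the client's own configuration are constructed assumptions.

```python
import ipaddress

# Constructed routing tables (destination prefix, interface), not captured from a real host.
# Assumed names: "tun0" is the VPN tunnel interface, "wlan0" the Wi-Fi interface.
CLEAN_ROUTES = [
    ("0.0.0.0/1", "tun0"),         # the two tunnel routes cover all of IPv4
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "wlan0"),   # local network exception
    ("203.0.113.10/32", "wlan0"),  # exception for the VPN server's own address
]
# Same table, but the server exception was built from a falsified DNS reply.
TAMPERED_ROUTES = CLEAN_ROUTES[:3] + [("198.51.100.7/32", "wlan0")]


def egress_interface(routes, dest):
    """Longest-prefix match: the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def audit(routes, tunnel_if, pinned_server_ip, allow_local):
    """List (prefix, reason) for routes that leak traffic outside the tunnel.

    pinned_server_ip (hypothetical parameter) is the server address the client
    trusts from its own configuration, not from a DNS lookup on this network.
    """
    pinned = ipaddress.ip_network(pinned_server_ip)  # becomes a /32 host network
    findings = []
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if iface == tunnel_if:
            continue  # inside the tunnel, nothing to report
        if net.prefixlen == net.max_prefixlen:
            if net != pinned:
                findings.append((prefix, "host route outside tunnel is not the pinned VPN server"))
        elif not allow_local:
            findings.append((prefix, "local network route present while local traffic is disabled"))
    return findings


if __name__ == "__main__":
    for name, table in (("clean", CLEAN_ROUTES), ("tampered", TAMPERED_ROUTES)):
        print(name, audit(table, "tun0", "203.0.113.10", allow_local=True))
```

Setting `allow_local=False` models the "disable local network traffic" option: any remaining local network route is then reported as well.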

    Efforts have been made to address these vulnerabilities proactively. VPN providers were alerted in advance, giving them time to develop and release updates. Leading the way are Mozilla VPN, Surfshark, Malwarebytes, Windscribe, and Cloudflare’s WARP, all of which have released patches to address these vulnerabilities. For users of VPN apps without patches, it’s recommended to disable local network access and, when possible, opt for websites offered through the secure HTTPS protocol. Cisco has issued an advisory acknowledging the vulnerabilities in various VPN products and their susceptibility to these exploits.
