Geeks for your information News Privacy & Security News v
TunnelVision attack against VPNs breaks anonymity and bypasses encryption
TunnelVision attack against VPNs breaks anonymity and bypasses encryption
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,274
Threads: 10,308
Thanks Received: 9,367 in 7,513 posts
Thanks Given: 10,347
Joined: 12 September 18
#1
Information  08 May 24, 07:02
Quote:Researchers from Leviathan Security have discovered a new vulnerability that affects virtual private networks (VPNs) on most platforms.

VPNs serve multiple purposes. They encrypt all traffic when connected to a VPN server to prevent eavesdropping and tampering. VPNs furthermore help users stay anonymous, as the VPNs IP address is revealed to websites and services.

TunnelVision is a new attack that manipulates traffic using rogue DHCP servers. All of this happens without dropping of the VPN connection or kill-switch functionality taking note and blocking all Internet connectivity. For the user, the VPN connection appears to work without issues.

TunnelVision Fact Sheet
  • Works on all major platforms except for Android.
  • A potential fix could be developed for Linux.
  • Requires a rogue DHCP server.
  • Vulnerability could date back to 2002.
TunnelVision in actionThe attack requires access to a DHCP server that the target's device communicates with. The core purpose of DHCP servers is to provide and assign IP addresses to client devices.

DHCP servers support a preference called option code 121, which the attack uses to route the traffic of the target's device through the DHCP server.

The researches explain: "Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway. When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it."

For the attack to work, it is necessary that the target accepts "a DHCP lease" from the rogue DHCP server and that option 121 is implemented. The researches note that attackers who are on the same network as the target may "become their DHCP server" using a number of attack techniques.

Having administrative control over the network is another possibility to attack users who use VPNs to protect their data.

Some or all of a target's traffic may be routed through the unencrypted channel. The VPN program or app continues to report that all data is protected, even while that is not the case.
...
Continue Reading
Find
Reply


Messages In This Thread
TunnelVision attack against VPNs breaks anonymity and bypasses encryption - by harlan4096 - 08 May 24, 07:02

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
qBittorrent v5.2.0
Sun May 03rd 2026 ...harlan4096 — 06:45
AMD Ryzen AI Max+ PRO 495 leaks out, fea...
AMD Ryzen AI Max+ ...harlan4096 — 06:44
K-Lite Codec Pack 19.6.8 / 19.6.9 Update
Changes in 19.6.9 ...harlan4096 — 10:29
Privazer 4.0.121 (02 May 2026)
v4.0.121 (02 May 2...harlan4096 — 10:27
Sandboxie 1.17.5 / 5.72.5
Sandboxie-Plus v1....harlan4096 — 10:26

[-]
Birthdays
Today's Birthdays
avatar (44)nikitaxople
Upcoming Birthdays
avatar (28)akiratoriyama
avatar (48)Jerrycix
avatar (40)awedoli
avatar (82)WinRARHowTo
avatar (38)owysykan
avatar (49)beautgok
avatar (39)axuben
avatar (45)talsmanthago
avatar (31)mocetor
avatar (46)piomaibhaict
avatar (51)kingbfef
avatar (38)izenesiq
avatar (40)ihijudu
avatar (45)tiojusop
avatar (42)Damiennug
avatar (40)acoraxe
avatar (49)contjrat
avatar (41)axylisyb
avatar (44)tukrublape
avatar (41)iruqi
avatar (42)saitetib
avatar (36)ypasodiny
avatar (39)omapek
avatar (48)Geraldtuh
avatar (44)knigiJow
avatar (46)1stOnecal
avatar (50)Mirzojap
avatar (36)idilysaju
avatar (45)xclubDum
avatar (41)Stewartanilm
avatar (40)GregoryRog
avatar (45)mediumog
avatar (40)odukoromu
avatar (46)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>