Simplified Privacy

Decloaking VPN traffic: New critical vulnerability

"This allows the ISP or local router to see the VPN traffic by abusing your router"

Decloaking VPN traffic: New critical vulnerability

Tinfoil Hat


Remember all the people calling me a tinfoil hat wacko for insisting on open source routers?

TunnelVision

There is a new critical VPN vulnerability from Leviathan Security group, which they call “TunnelVision”. It allows the ISP or local router to see the VPN traffic by abusing the DHCP client and option 121

Here’s the basics:


LAN

–It uses the local area network, so we’re talking about a hostile router

Android safe

—Android is safe by default and unaffected.

Linux depends

—Linux may be safe if used correctly.

Windows & Apple

–Microsoft Windows and Apple are highly vulnerable.

In Wild

–While Leviathan created it, they think it’s been used in the wild since maybe even 2002

DHCP

–Abuses the DHCP server to incorrectly route packets

–Random devices can pretend to be the router with DHCP attacks

How it works:


DHCP Basics

DHCP is when a home router assigns IP addresses to devices in your local area network. There is “ option 121” which allows that router (DHCP server) to route the VPN user’s system in a way that is more specific than those used by most VPNs. TunnelVision abuses option 121 to purposefully route the system through their fake interface.

Why Android is immune:

Android ignores option 121

How Linux users can protect themselves


Quote from Leviathan:


“Using network namespaces on Linux can completely fix this behavior. However, in our experience, it is less commonly implemented. WireGuard’s documentation shows how it’s possible to use a namespace for all applications with traffic that should be using a VPN before sending it to another namespace that contains a physical interface. However, this appears to be Linux-specific functionality and it’s not clear if there is a solution for Windows, MacOS, or other operating systems with the same amount of robustness.”

Source:

https://www.leviathansecurity.com/blog/tunnelvision

And of course, Linux PLUS an open source router is the real protection. Check out the router section of our site, https://simplifiedprivacy.com/category/routers/index.html

If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push.

#

[SP]

May 7, 2024

Related Posts

Mullvad uses Gmail [update: they changed]

Mullvad uses Gmail [update: they changed]

This was originally an article criticizing Mullvad’s use of Gmail, and surprisingly thanks to you guys sharing it, they actually changed

[SP]

Jan 13, 2024
Pro/Con of Private Routers (Operating Systems)

Pro/Con of Private Routers (Operating Systems)

The router you get from your ISP is designed to spy on you.

[SP]

Jan 6, 2024
GL.inet Travel Routers: Private or Tyranny?

GL.inet Travel Routers: Private or Tyranny?

One of our readers asked “Is it okay to use GL.inet routers?

[SP]

Dec 23, 2023
OpenVPN vs WireGuard: Which one should you use?

OpenVPN vs WireGuard: Which one should you use?

Each of them have different advantages and use cases.

[SP]

Oct 17, 2022