TunnelCrack: These major vulnerabilities affect almost all VPNs


Camille Coirault

August 14, 2023 at 4:00 p.m.


Researchers have brought to light a new series of attack techniques. Named “TunnelCrack”, they can defeat the protections of a large share of VPNs and expose their users’ network traffic.

VPNs (Virtual Private Networks) have been on the rise for several years among the general public, proving that many people are concerned about their anonymity on the Web. Although these solutions seem to offer safe protection, it turns out that they still have weaknesses that sufficiently seasoned hackers can exploit. Let’s see what is behind TunnelCrack by focusing on its two different types of attack.

The LocalNet attack: exploiting the weaknesses of a VPN thanks to a fictitious network

The first of these attacks, LocalNet, has hackers create a fictitious Ethernet or Wi-Fi network. The targeted VPN users are then tricked into connecting to this fraudulent network. Through this manipulation, the attackers assign them a public IP address and a dedicated subnet. All traffic that should logically pass through the VPN’s secure tunnel is then redirected, and hackers have plenty of time to intercept it. Although very effective, the LocalNet attack requires solid computer knowledge, as well as manipulation to get the victims to connect to the malicious fictitious network.

Since an example is worth a thousand words, consider the following situation: a user wants to reach the IPv4 address “1.2.3.4”. The attacker targeting that user assigns them the address “1.2.3.7”. Because a large majority of VPN services allow direct access to the local network while in use, the connection the victim originally wanted is automatically routed from the wrong address, here “1.2.3.7”, instead of through the VPN. The secure tunnel normally created by the VPN is effectively bypassed, and the user’s traffic is fully exposed.


The ServerIP attack: redirection to a modified IP address

This attack exploits another type of vulnerability, one that is quite common among the VPNs on the market. Traffic to the VPN server’s IP address sometimes lacks strong encryption. Aware of this weakness, hackers alter DNS responses. The result is immediate: the IP address of the VPN server is made to match that of a targeted website. Once the victim uses their VPN, all of their network traffic is diverted to the targeted site, thus escaping the protection of the VPN.

Consider the following example: a VPN server is identified by a hostname such as “xyx.com”, and its IP address is “4.4.4.4”. For the attack to work, the hacker falsifies the DNS response so that “xyx.com” points to another IP address, say “1.2.3.4”, which is in fact the IP address of the targeted person. Once the victim is connected to the VPN, all network traffic is redirected to that IP address. Even though the connection with the VPN is established, the traffic is diverted outside the secure tunnel, leaving it open to hackers.
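Both examples above come down to the same client routing rule: destinations on the local network, and the VPN server's own address, are sent outside the tunnel. The sketch below is an added illustration, not code from the researchers or from any VPN product; it models that rule and flags the two preconditions from the defender's side. The function names, the /24 prefix length and the idea of a pinned server address taken from the provider's configuration are assumptions.

```python
import ipaddress

# RFC 1918 private ranges plus IPv4 link-local: what a genuine LAN normally uses.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def bypasses_tunnel(dest, local_iface, server_ip):
    """Simplified model of the routing rule described in the article (IPv4 only):
    local-network destinations and the VPN server address skip the tunnel."""
    d = ipaddress.ip_address(dest)
    local_net = ipaddress.ip_interface(local_iface).network
    return d in local_net or d == ipaddress.ip_address(server_ip)

def audit(local_iface, resolved_server_ip, pinned_server_ip):
    """Return one warning per TunnelCrack precondition that is present."""
    findings = []
    local_net = ipaddress.ip_interface(local_iface).network
    # LocalNet: the network handed out by the access point covers public space.
    if not any(local_net.subnet_of(r) for r in LAN_RANGES):
        findings.append(f"LocalNet: assigned network {local_net} is public address space")
    # ServerIP: DNS returned a different address than the one we expect (pinned).
    if ipaddress.ip_address(resolved_server_ip) != ipaddress.ip_address(pinned_server_ip):
        findings.append(f"ServerIP: server resolved to {resolved_server_ip}, "
                        f"expected {pinned_server_ip}")
    return findings

if __name__ == "__main__":
    # Constructed inputs reusing the article's addresses; /24 is assumed.
    cases = [
        ("rogue network", "1.2.3.7/24", "4.4.4.4"),
        ("spoofed DNS", "192.168.1.7/24", "1.2.3.4"),
        ("normal", "192.168.1.7/24", "4.4.4.4"),
    ]
    for label, iface, resolved in cases:
        leak = bypasses_tunnel("1.2.3.4", iface, resolved)
        print(label, "| 1.2.3.4 outside tunnel:", leak, "|", audit(iface, resolved, "4.4.4.4"))
```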

Even if these newly discovered types of attack are not necessarily accessible to novice hackers, they highlight important vulnerabilities. Unfortunately, no list of VPNs affected by these TunnelCrack attacks is officially available at this time. Vendors, for their part, have every interest in taking the necessary measures if they want to maintain the trust of their customers.

Source: The Register


