This Week Health
Sarah Richardson Joins This Week HealthAlex's Lemonade Stand This Week Health
SUBSCRIBE NOW to receive top 7 stories daily to your inbox
<--  All Stories

Novel attack against virtually all VPN apps neuters their entire purpose

May 13, 2024
Ars Technica
Contributed by: Drex DeFord
Summary
Researchers have uncovered a critical vulnerability in almost all virtual private network (VPN) applications called TunnelVision, which compromises the core function of VPNs by routing some or all traffic outside of the encrypted tunnel, potentially exposing user data to interception or alteration. This attack exploits the DHCP option 121 to reroute traffic through an attacker-controlled server instead of the VPN's encrypted tunnel, affecting users on all operating systems except for Android, which is not susceptible due to its lack of implementation of option 121. Despite various mitigation strategies suggested, such as running the VPN in a virtual machine or utilizing a cellular device's Wi-Fi for internet connection, the researchers from Leviathan Security indicate that no full-proof solution exists for other operating systems, highlighting a significant security gap in current VPN technologies.
Transform Healthcare - One Connection at a Time

© Copyright 2024 Health Lyrics All rights reserved