The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.
Using network namespaces on Linux can completely fix this behavior. However, in our experience, it is less commonly implemented.
WireGuard’s documentation shows how it’s possible to use a namespace for all applications with traffic that should be using a VPN before sending it to another namespace that contains a physical interface. However, this appears to be Linux-specific functionality and it’s not clear if there is a solution for Windows, macOS, or other operating systems with the same amount of robustness.
Note that it requires the attacker to be connected to the network where you are connected to be able to run their own DHCP server. So, basically no effect to your home network.
Title
body
these editors really do be trippin'
Finding that VPNs invariably run much better on Linux
VPNs have many purposes. If true, this negates one use. Using an untrusted network where a hostile actor is using this attack. And you are not on Linux or Android. Kinda sensationalized title but it is a big deal.
Apple and Windows have had issues with their VPNs in the past. Not the first time someone has found a hole.
This advice from the researchers is the best advice.
“Except on Linux and Android”
Linux is still slightly vulnerable according to the article.
Yes. Do you know of a source to explain how to close the vulnerability?
Linked in the article: https://www.leviathansecurity.com/blog/tunnelvision
Guess we'll have to see how the attack applies to different VPN providers. Maybe 1-2 do use namespaces.
Initially I thought this was more of a threat on mobile networks (I guess not Android) or when using public WiFi. If one has control over one's home router doing the DHCP it shouldn't be an issue. But what is our home router talking to? A DHCP server of our internet provider. I'm not sure whether these 121 configurations can pass multiple hops, have not investigated further.
I have to ask: who the hell is not using Linux and Android?
Most people. I would say most stackers even.
Yeah. I guess you're right. I forget that everyone doesn't despise Apple as much as I do. I assume a solution will be available soon.
You are rare Siggy. Don't forget that.
Yeah, my family says that too, but in an entirely different context.
I think I understand. I've never fit in. I know the feeling. At least my friends and family like me.
There's also this company called Microsoft you may have heard about.
I hear their software is kinda popular.
Was that one founded by the guy who's going to save the world?
I think you're thinking of Microstrategy. Similar name but different software.
Similar egos, though? No?
If an attacker got into your local network you are already screwed.
This makes you feel less comfortable with VPN use at an AirBnB or a coffee shop though.
So, the VPNs are no longer relevant?
This is a hypothetical case in which the attacker has control of the network where they can run their own DHCP server.
Android is immune to this attack, and in Linux it can be set up to mitigate this risk.
like in the case of NSL'd provider?
No. They still are. I hate titles like this. On Android you are unaffected. This is only an issue on untrusted networks. I suspect it will be fixed in the future as well.
Yes, I agree.
This is good information. Thanks!
So is it still safe to use a VPN?
I use one constantly..
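Added example, not part of the thread or the linked article: the "121 configurations" mentioned above are DHCP option 121 (classless static routes, RFC 3442). This sketch decodes an option 121 payload from a lease and flags any off-LAN route that is more specific than the VPN's own routes. The function names, sample payload, LAN subnet and VPN route are all constructed for illustration.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode RFC 3442 entries: prefix length, significant destination octets, 4-byte router."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        n = (plen + 7) // 8                      # only the significant octets are sent
        if i + 1 + n + 4 > len(data):
            raise ValueError("truncated option 121 payload")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)
        net = ipaddress.ip_network((int.from_bytes(dest, "big"), plen), strict=False)
        gw = ipaddress.ip_address(data[i + 1 + n:i + 5 + n])
        routes.append((net, gw))
        i += 5 + n
    return routes

def suspicious_routes(option_121: bytes, lan: str, vpn_routes: list[str]):
    """Return DHCP-pushed routes that would win longest-prefix match over a VPN route."""
    lan_net = ipaddress.ip_network(lan)
    vpn = [ipaddress.ip_network(r) for r in vpn_routes]
    flagged = []
    for net, gw in parse_option_121(option_121):
        if net.subnet_of(lan_net):
            continue                             # on-link traffic was never tunnelled
        # Strictly more specific than a covering VPN route: the kernel prefers it.
        if any(net.subnet_of(v) and net.prefixlen > v.prefixlen for v in vpn):
            flagged.append((str(net), str(gw)))
    return flagged

# Constructed sample payload (not captured traffic):
#   0.0.0.0/0 via 192.168.1.1, 192.168.1.0/24 on-link, 203.0.113.0/24 via 192.168.1.66
SAMPLE = bytes.fromhex("00c0a80101" "18c0a80100000000" "18cb0071c0a80142")

if __name__ == "__main__":
    for net, gw in suspicious_routes(SAMPLE, "192.168.1.0/24", ["0.0.0.0/0"]):
        print(f"route {net} via {gw} would bypass the tunnel")
```

An empty result only means the lease pushed no competing routes at that moment; a DHCP renewal can change them, so the check has to run on every lease.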