Hackers Can Bypass VPNs: “TunnelVision” Exploit Revealed
Researchers from Leviathan Security have identified a severe security threat that impacts nearly all virtual private network (VPN) applications.
Dubbed “TunnelVision,” and assigned the identifier CVE-2024-3661 (CVSS score of 7.6 out of 10), this attack enables hackers to intercept and alter traffic that is supposed to travel through a secure encrypted tunnel. This method compromises a fundamental VPN function: concealing the user’s IP address and protecting their data from interception.
The vulnerability lies in manipulating the DHCP server, which allocates IP addresses to devices connecting to a local network. By exploiting a setting known as “option 121,” an attacker can reroute VPN traffic through their server, thereby capturing the transmitted data.
Leviathan Security experts have confirmed that this approach allows them to establish arbitrary routes in the user’s routing table, circumventing the encrypted VPN tunnel. They have even published a video demonstrating the attack.
The vulnerability affects all operating systems (except Android, which does not use “option 121”), posing particular risks for users connecting to networks over which they do not have administrative control. For instance, an attacker with administrative rights within the network could configure the DHCP server to initiate such an attack.
The insidiousness of the attack lies in the fact that the VPN client will still inform the user that all data is being transmitted through a secure connection when in reality, it is not. Effectively, any traffic redirected from the compromised tunnel will not be encrypted and will belong to the network to which the user is connected, not the one indicated by the VPN client.
Currently, there is no complete solution to the problem. Some measures, such as configuring network firewalls, may help limit incoming and outgoing traffic but do not fully address the issue. Alternative methods include using a VPN within a virtual machine or connecting through a mobile device’s hotspot.
Leviathan Security’s research underscores the importance of careful selection and use of network technologies, especially in public or untrusted networks. Users must be aware of potential risks and should never blindly trust VPN services and various anonymizers, as such trust can sometimes end disastrously.