IS A VPN SECURE? | TYPES OF ATTACK | RECOMMENDATIONS

[MoonL1gth Emerald Member Posts:66 Threads:39 Reputation 0]

Is a VPN SECURE?

In theory a VPN is a secure (encrypted) channel for transmitting information from the VPN client (on our host) to the VPN server, however a group of researchers have discovered that it is possible to leak information without attacking the "tunnel", but by redirecting the traffic out of it, attacking the client by manipulating the routing table.

TYPES OF ATTACK

LocalNet attack:

• Cybercriminal acts as a malicious WiFi or wired network.
  
• User connects to an untrusted network.
  
• Cybercriminal assigns a public IP address with its corresponding subnet.
  
• Cybercriminal filters all traffic.
  

Exploited VPN client exception: "All traffic sent to and from the local network will be outside the tunnel".

ServerIP Attack

• Cybercriminal acts as a malicious WiFi or wired network.
  
• User connects to an untrusted network.
  
• Attacker spoofs the IP address of the VPN server.
  
• Attacker spoofs DNS responses before VPN tunnel is established.
  
• VPN client connects to attacker, who in turn connects to VPN service
  

VPN client exception exploited: "Traffic to and from the VPN server will be outside the tunnel ensuring that there is no routing loop, i.e. VPN packets already encrypted are not re-encrypted".

To avoid LocalNet attack
The VPN application should automatically disable access to the local network when the local network uses public IPs.

To avoid ServerIP attack
VPN clients should be updated and send all traffic through the VPN tunnel, except the traffic generated by the application itself.

In case you do not have updates
You could mitigate the LocalNet attack by disabling access to the local network. However, the problem disappears by always using HTTPS for all communications, but unfortunately only websites that have HSTS guarantee that the connection will always be over HTTPS.