VPN services are used frequently to increase the protection of your data in Internet connections. But is this a type of solution that involves sending the source of a security problem? It is also that we can respond to a type of attack launched by TunnelVision. The issue affects several private VPN services.
How to distribute IPs
A VPN calls a “virtual tunnel” Between the user's device and the destination server, which can be a web page, a web page, a streaming platform, among other online services. For this, the device is connected to the VPN server. Then this servant is connected to destiny. This communication is now encrypted.
But the TunnelVision vulnerability makes sense. Security analysts who identify the problem relate to the fact that the root of the problem is the manipulation of the network's DHCP service, which sets the IP address for devices that connect to them.
This manipulation is done in such a way that the DHCP service replaces the rotation manager and, thus, the VPN traffic is deleted. Therefore, this data is not encrypted by the VPN and may be captured in the network interface which is communicated with the DHCP service.
With a dynamic base, TunnelVision can be used for collecting specific data or for spying on the user. All or part of the traffic may be carried out upon my arrival, or allow attacks towards management.
The problem concerns the main commercial VPN solutions, which we use to hide the IP address or to access online services with regional blocking, for example.
Operational systems submitted to TunnelVision
TunnelVision receives identification CVE-2024-3661. The criticism of the problem is also analyzed. So I thought about discovering an important issue, ultimately, where TunnelVision concerns any operational system that implements DHCP services to support rotations with option 121.
This also includes Windows, macOS, iOS and Linux operating systems. Android is not supported, but DCHP is not supported with option 121. Linux-based systems usually contain a configuration that mitigates the effects of TunnelVision, even so, they are also vulnerable.
The video shows a demonstration of the problem:
Prevention for TunnelVision
Bone Leviathan Security users who identify TunnelVision This isn't exactly a vulnerability issue because you haven't explored fake software or VPN protocols. Essentially, it's an architectural problem. So, as a user, you may not have to do anything at that time.
Also, without specifying what analysts report about certain VPN companies, I have already been notified. This is why we must adopt preventive measures. When organizations implement proper VPNs, administrators can mitigate the problem.
In all these cases, the solution may result in disabling rotations with option 121 when a VPN is enabled during use, implementing firewall rules and protection or monitoring procedures over DHCP . As the problem is very complex, each case must be studied individually.
To resolve the disclosure of the problem and encourage the search for effective solutions, fishermen have also encaminharam previously or the study for CISA entities (Cybersecurity and Infrastructure Security Agency) and EFF (Electronic Frontier Foundation).