How can Operating System Security Flaws be Exploited to Attack VPNs?
Researchers have discovered that security flaws in Unix-based operating systems could give attackers access to users’ VPN connections. The researchers tested and managed to exploit the flaws on various operating systems, including Ubuntu 19.10, Fedora, Debian 10.2, Arch 2019.05, Manjaro 18.1.1, Devuan, MX Linux 19, Void Linux, Slackware 14.2, Deepin, FreeBSD and OpenBSD. According to the Breakpointing Bad research team at the University of New Mexico, the VPN attacks rely on sending unsolicited network packets to a victim’s device and watching how the device replies. The attack is not easy to carry out, so it is unlikely that the flaws will be exploited on a mass scale, at least not before patches are made available for the vulnerable operating systems. Nonetheless, the vulnerability is well suited to targeted attacks by an attacker with the required expertise.
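A defensive check for the probing described above, as an added example that is not from the research team or the original article: it flags packets that arrive on a non-tunnel interface but are addressed into the VPN's virtual address range. The interface name, tunnel subnet and packet records are constructed, and the premise that such probes reach the device outside the tunnel is an assumption the article does not spell out.

```python
import ipaddress
from collections import defaultdict

# Assumed local configuration (hypothetical values for illustration).
TUNNEL_IFACE = "tun0"
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample records: (receiving interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("wlan0", "192.168.1.1", "192.168.1.23"),  # ordinary LAN traffic
    ("tun0", "10.8.0.1", "10.8.0.6"),          # legitimate traffic inside the tunnel
    ("wlan0", "192.168.1.1", "10.8.0.4"),      # tunnel-range address seen on the LAN side
    ("wlan0", "192.168.1.1", "10.8.0.5"),
    ("wlan0", "192.168.1.1", "10.8.0.6"),
    ("wlan0", "192.168.1.50", "10.8.0.6"),
    ("wlan0", "192.168.1.1", "10.8.0.999"),    # malformed destination, skipped
]


def find_misrouted_probes(packets, tunnel_iface=TUNNEL_IFACE, tunnel_net=TUNNEL_NET):
    """Map each source to the tunnel-range addresses it sent to outside the tunnel.

    A packet is suspicious when it was received on any interface other than
    the tunnel interface yet its destination lies inside the tunnel subnet.
    """
    hits = defaultdict(set)
    for iface, src, dst in packets:
        if iface == tunnel_iface:
            continue  # traffic that really came through the VPN
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparsable record; a real collector would log it
        if dst_ip in tunnel_net:
            hits[src].add(dst_ip)
    # Sort numerically, then render as strings for reporting.
    return {src: [str(a) for a in sorted(addrs)] for src, addrs in hits.items()}


if __name__ == "__main__":
    for source, targets in find_misrouted_probes(SAMPLE_PACKETS).items():
        print(f"{source} sent {len(targets)} tunnel-range destination(s) "
              f"outside {TUNNEL_IFACE}: {', '.join(targets)}")
```
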
What VPN Information Could be Accessed?
Attackers exploiting security flaws in vulnerable operating systems could acquire various details about users’ VPN connections. For example, they could determine the virtual IP address a user has been assigned by the VPN server and whether the user has an active connection to a website. The team also found they could exploit the security flaws to determine the exact packet sequence in certain VPN connections. According to the team, this would allow attackers “to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.” Once the VPN connection has been hijacked, attackers have access to all information and applications the user has access to. For people using personal VPNs, this could include personal details, bank account information, applications running on computers or social media apps installed on smartphones. For enterprise VPNs, this could include enterprise data, applications and cloud‑based resources.
Which VPN Technologies are Vulnerable?
The team concluded that most VPNs could be attacked using the operating systems’ security flaws. They stated: “…the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted…” The team ran tests against VPN protocols such as OpenVPN, WireGuard and IKEv2/IPSec, and was able to attack all of them through the security flaws. Tests were also conducted against Tor, but these tests were not thorough. Nonetheless, the researchers believe Tor would not be vulnerable because it runs outside the operating systems’ kernel.