Researchers have discovered an attack that allows hackers to remove traffic from a VPN tunnel without the victim’s knowledge so they can continue to observe it. The attack was named TunnelVision.

Researchers discovered an attack on VPN applications that allows hackers to remove traffic from the secure tunnel so they can continue observing it. Researchers at security company Leviathan called the vulnerability TunnelVision.

Option 121

The purpose of TunnelVision is to examine the Internet traffic that a user is trying to hide using a VPN. By using a VPN solution, all of the victim’s internet traffic is theoretically encrypted and routed through a VPN server, ensuring privacy and anonymity. TunnelVision removes traffic from the tunnel without the destination knowing about it.

The security gap is due to misuse of the institution Option 121. This allows a DHCP server to ignore standard routing rules. An attacker with access to the network can configure the DHCP server to override the VPN settings. In this case, the data traffic for specified IP addresses goes through the DHCP server and is no longer encrypted. The attacker can then watch.

Old animal

The vulnerability is said to have existed since 2002. Leviathan doesn’t rule out the possibility that criminals have known about it for years. The bug affects the privacy functionality of a VPN connection, but does not affect other features. For example, a home worker who logs into the office using a VPN could still do so.

Android is the only operating system that is not vulnerable to TunnelVision because it does not implement option 121. For all other operating systems, TunnelVision is a persistent bug that cannot be easily fixed. Further details about the vulnerability can be found in the description of Leviathan.