Jump to content
This Topic

ALL VPNs vulnerable / unsafe

AreYouGerman

By AreYouGerman
in IT and Computers

 Share

Recommended Posts

AreYouGerman Silver Member

AreYouGerman

Posted
Posted

In short, it's basically you going in some public wifi or compromised wifi and you won't know that your traffic is not routed through your VPN as you are connected to your VPN and everything seems in order. Everything is affected except Android, at the time of writing.

 

"TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation."

 

More on:

https://securityaffairs.com/162894/hacking/tunnelvision-attack-vpn.html

https://www.techradar.com/pro/security/many-top-vpn-apps-can-be-hacked-and-almost-totally-ruined-by-this-attack

 

 

 

 

  • Agree 1
  • Thanks 1
  • Replies 85
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

AreYouGerman
AreYouGerman

Yes. That's what VPNs companies use in their ads.

BE88
BE88

This is for training only 😆

OneMoreFarang
OneMoreFarang

Do you really expect to use public Wi-Fi securely? Really? If you want some security, then use something provided by a big ISP like internet at home or mobile data on a phone. And never assu

  • Popular Post
OneMoreFarang Star Member

OneMoreFarang

Posted
  • Popular Post
Posted
  On 5/8/2024 at 11:14 PM, AreYouGerman said:

it's basically you going in some public wifi or compromised wifi and you won't know that your traffic is not routed through your VPN

Expand  

 

Do you really expect to use public Wi-Fi securely? Really?

If you want some security, then use something provided by a big ISP like internet at home or mobile data on a phone.

And never assume it is 100% secure. It isn't. 

  • Like 2
  • Agree 2
RayWright Silver Member

RayWright

Posted
Posted

Using a Windows 10 & 11 Laptop, have activated the Hotspot on my Thai mobile and activated Android based VPN from the phone. Anyone see an issue with this simple work-around?

AreYouGerman Silver Member

AreYouGerman

Posted
  • Author
Posted
  On 5/9/2024 at 9:47 AM, RayWright said:

Using a Windows 10 & 11 Laptop, have activated the Hotspot on my Thai mobile and activated Android based VPN from the phone. Anyone see an issue with this simple work-around?

Expand  

 

Kinda. However the adding VPN on Android is also prone to leaking. Best is to use VPN on your PC and connect to your Android hotspot.

  • Heart-broken 1
  • Haha 1
  • Popular Post
eisfeld Platinum Member

eisfeld

Posted
  • Popular Post
Posted

Misleading topic. It's absolutely untrue that all VPNs are vulnerable to this attack which btw isn't exactly a new idea just the variation of using that specific DHCP option. It's a variant of prior attacks like Poison Tap.  Good VPN clients add firewall rules that prevent this issue.

 

And it's only a concern if you are using someone elses network like a public Wifi. At home you got nothing to worry about because it's the router that has to perform the attack. Nobody on the general internet can snoop on you with this.

 

 

  • Agree 3
  • Thumbs Up 1
AreYouGerman Silver Member

AreYouGerman

Posted
  • Author
Posted
  On 5/9/2024 at 1:02 PM, eisfeld said:

Misleading topic.

Expand  

 

Nah, it's 100% correct. All VPNs are affected. When is a different question.

 

  On 5/9/2024 at 1:02 PM, eisfeld said:

And it's only a concern if you are using someone elses network like a public Wifi. At home you got nothing to worry about because it's the router that has to perform the attack. Nobody on the general internet can snoop on you with this.

Expand  

 

As stated in the initial post, only if you are using a compromised Wifi. It's more unlikely at home, but never say never. Also, better to get rid of the bug, even at home, no? Or just ignore it?

  • Heart-broken 2
  • Haha 1
NativeBob Gold Member

NativeBob

Posted
Posted

if your traffic being encrypted straight from your client than passes through whatever wifi to your VPN gate, then decrypted on another side of the world >>> what can go wrong? 

Any sniffing at WiFi will be useless

That's is not some new concept - I think we used it last century already

  • Agree 1
AreYouGerman Silver Member

AreYouGerman

Posted
  • Author
Posted
  On 5/9/2024 at 1:13 PM, NativeBob said:

if your traffic being encrypted straight from your client than passes through whatever wifi to your VPN gate, then decrypted on another side of the world >>> what can go wrong? 

Any sniffing at WiFi will be useless

That's is not some new concept - I think we used it last century already

Expand  

 

You didn't understand the issue. Re-read articles.

  • Heart-broken 1
  • Haha 2
scottiejohn Diamond Member

scottiejohn

Posted
Posted
  On 5/9/2024 at 12:47 PM, AreYouGerman said:

 

You didn't understand the issue. Re-read articles.

Expand  

I suggest you re-read your OP-"ALL VPNs vulnerable / unsafe" and also reword it to stop your unfounded scaremongering!

I have responded to your OP indicating that I am not having problems!

I and I suspect a large number of the rest of us on this forum do not need lectures, or misleading OP,s from people like you!

  • Agree 1
  • Heart-broken 1
  • Thumbs Up 1
eisfeld Platinum Member

eisfeld

Posted
Posted
  On 5/9/2024 at 1:12 PM, AreYouGerman said:

 

Nah, it's pretty accurate as it's most likely that you are vulnerable than not. Also, better to check to be safe, right. I am okay with changing the topic to "77% of VPNs vulnerable / unsafe".

 

 

As stated in the initial post, only if you are using a compromised Wifi. It's more unlikely at home, but never say never. Also, better to get rid of the bug, even at home, no? Or just ignore it?

Expand  

 

Where did you take that number from? BTW the second link in your OP just redirects to https://www.techradar.com/features/why-your-business-needs-a-vpn which is a generic article trying to sell VPNs.

  • Like 1
  • Agree 1
AreYouGerman Silver Member

AreYouGerman

Posted
  • Author
Posted
  On 5/9/2024 at 1:20 PM, scottiejohn said:

I suggest you re-read your OP-"ALL VPNs vulnerable / unsafe" and also reword it to stop your unfounded scaremongering!

I have responded to your OP indicating that I am not having problems!

I and I suspect a large number of the rest of us on this forum do not need lectures, or misleading OP,s from people like you!

Expand  

 

There's nothing misleading, all VPNs are affected. It's a fact. When they are affected is a different question. If you login through a Hotel WIFI, your VPN is affected!

 

But you still don't understand the problem. You think it's about "if it's working". That's not the issue. Nevermind, though, if you don't feel threatened that you are basically not using a VPN on f. ex. Hotel Wifis even if "it's working", then you can just safely ignore everything.

 

  • Heart-broken 2
  • Haha 1
scottiejohn Diamond Member

scottiejohn

Posted
Posted
  On 5/9/2024 at 1:25 PM, AreYouGerman said:

But you still don't understand the problem.

Expand  

You are the one who has got it wrong and do not wish to, or are able to, understand the problem.  It is an age old problem that I assume all reputable VPN providers have bypassed/blocked etc!

IMO you are just a scaremonger of no standing!

  • Agree 1
eisfeld Platinum Member

eisfeld

Posted
Posted
  On 5/9/2024 at 1:26 PM, AreYouGerman said:

 

ALL VPN's are affected if they are connecting to a compromised Wif with enabled DHCPi. Facts, bro.

Expand  

 

Alternative facts, bro. Android is not affect. Proper VPN clients setting firewalls are not affected. Wireguard with proper usage of namespaces is not affected. Users using something like a mobile router are not affected. Users at home are not affected. The list goes on. Again, where did the 77% come from?

  • Thumbs Up 1
AreYouGerman Silver Member

AreYouGerman

Posted
  • Author
Posted
  On 5/9/2024 at 1:52 PM, scottiejohn said:

You are the one who has got it wrong and no not wish to or are able to understand the problem.  It is an age old problem that I assume all reputable VPN providers have bypassed/blocked etc!

IMO you are just a scaremonger of no standing!

Expand  

 

I have got absolutely nothing wrong, you are just parroting the other guy because you absolutely have 0 understanding of this.

 

It's not an 'age old' problem as it has been just discovered a couple of days ago! It could have been exploited for 20+ years, though, without anybody having an understanding for that.

 

It's not scaremongering, it's a real security threat.

 

 

  • Heart-broken 1
  • Haha 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.


ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
support@aseannow.com

×
×
  • Create New...