Researchers Discover Security Flaw Allowing Attackers to Bypass VPN Protection – Are You Safe?

SAN FRANCISCO – Virtual private networking (VPN) companies advocate for their services as a safeguard against Internet snooping, promising to protect users’ online activity. However, new research suggests that connecting to a VPN through an untrusted network may not be as secure as believed, as attackers on the same network could divert a user’s traffic away from the VPN’s protection without alerting the user.

When a device seeks to join a network, it sends out a message across the local network requesting an Internet address. Typically, only the network’s router responds to this request. The router, acting as a Dynamic Host Configuration Protocol (DHCP) server, assigns IP addresses to devices and sets a local address as the primary route to the Internet.

Researchers at Leviathan Security have found that, by exploiting an obscure feature in the DHCP standard, attackers can steer a user’s connection to a rogue DHCP server and divert traffic away from the VPN, potentially compromising the user’s security. Using DHCP option 121, attackers can set up routing rules that take precedence over those of the VPN’s virtual network interface.
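A defensive check for the mechanism described above, as an added example that is not from Leviathan’s research or this article: it decodes a DHCP option 121 payload (the RFC 3442 classless static route encoding) and flags pushed routes that longest-prefix matching would prefer over the VPN’s route. The VPN route list, the function names and the sample payload are constructed assumptions.

```python
import ipaddress

# Assumption: a full-tunnel VPN client that installs a single default route.
VPN_ROUTES = [ipaddress.ip_network("0.0.0.0/0")]

# Constructed option 121 payload (documentation addresses, not captured data):
# 0.0.0.0/0, 0.0.0.0/1, 128.0.0.0/1 and 198.51.100.0/24, all via 192.0.2.1.
SAMPLE = bytes.fromhex("00c0000201" "0100c0000201" "0180c0000201" "18c63364c0000201")


def parse_option_121(data: bytes):
    """Decode RFC 3442 routes: [prefix length][significant dest octets][router]."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        nbytes = (plen + 7) // 8  # only the significant destination octets are sent
        end = i + 1 + nbytes + 4
        if end > len(data):
            raise ValueError("truncated option 121 payload")
        dest = data[i + 1:i + 1 + nbytes] + bytes(4 - nbytes)  # pad to 4 octets
        net = ipaddress.IPv4Network((dest, plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + nbytes:end])))
        i = end
    return routes


def flag_routes(routes, vpn_routes=VPN_ROUTES):
    """Return (route, router, vpn_route) for routes that would beat a VPN route."""
    flagged = []
    for net, router in routes:
        for vpn in vpn_routes:
            # A more specific prefix inside a VPN route wins longest-prefix
            # matching, so that traffic goes to the LAN router, not the tunnel.
            if net.subnet_of(vpn) and net.prefixlen > vpn.prefixlen:
                flagged.append((net, router, vpn))
                break
    return flagged


if __name__ == "__main__":
    for net, router, vpn in flag_routes(parse_option_121(SAMPLE)):
        print(f"ALERT: DHCP route {net} via {router} overrides VPN route {vpn}")
```

On the constructed sample, the plain default route is not flagged because it is no more specific than the VPN’s own route, while the two /1 routes and the /24 are.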

Leviathan’s findings reveal that the attack can be deployed by compromising a DHCP server, setting up a rogue wireless access point, or creating an “evil twin” wireless hotspot mirroring a legitimate provider’s signal. The attack, known as a DHCP starvation attack, can be executed to intercept traffic flowing through a VPN connection without triggering any alerts.

Experts warn that high-profile targets, such as individuals susceptible to spear phishing attacks, should exercise caution when using VPNs on untrusted networks. Although the attack may not reveal the content of encrypted websites, attackers can still access metadata, including source and destination addresses, of the traffic passing through.

Mitigating the threat from rogue DHCP servers on unsecured networks can involve using devices powered by the Android operating system, setting up password-protected hotspots controlled by cellular devices, or running VPNs within virtual machines. Leviathan’s research sheds light on the limitations of VPN technology in protecting users from threats within local networks, highlighting the need for better security practices and awareness among VPN users.