Menu
VPN users, beware: You may not be as safe as you think you are

VPN users, beware: You may not be as safe as you think you are

Thanks to IPv6 leakage, your data could be out there for anyone to see

Security

Security

It's become common practice to use virtual private networks for extra privacy and security in this era of mass surveillance, but a study published this week suggests such networks may not be as safe as they're commonly made out to be.

In fact, because of a vulnerability known as IPv6 leakage, many of them can expose user information to prying eyes, according to a paper from researchers at Sapienza University of Rome and Queen Mary University of London.

Entitled "A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients," the report describes a study conducted late last year that examined 14 popular commercial VPN providers around the world.

Specifically, the researchers tested the VPNs by attempting two kinds of attacks: passive monitoring, whereby a hacker might simply collect the user's unencrypted information, and DNS hijacking, where the hacker would redirect the user's browser to a controlled Web server by pretending to be a popular site like Google or Facebook.

What they found was unnerving: 11 of the 14 providers leaked information, including the websites the user was accessing and the actual content of the user's communications. The only three that didn't were Private Internet Access, Mullvad and VyprVPN. TorGuard offered a way around the problem, they noted, but it wasn't enabled by default.

The study also examined the security of various mobile platforms when using VPNs and found that they were much more secure when using iOS but were still vulnerable to leakage using Android.

Interactions with websites running HTTPS encryption were not leaked, the researchers noted.

So what's to blame for the leakage? One factor is that while network operators are increasingly deploying IPv6, many VPNs still protect only IPv4 traffic, the researchers concluded.

Another problem they found, however, is that many VPN service providers still rely on outdated tunneling protocols such as PPTP that can be easily broken through brute-force attacks.

The authors point to Tor along with Linux distributions such as Tails as potential alternatives for those seeking anonymity. Enterprise VPNs, meanwhile, are largely unaffected by the leakage problems, they said.

"For the average business user of VPN technology, there is no impact," said Steve Manzuik, director of research at Duo Security.

Users who rely on VPN services for privacy, however, should "always be aware of what protocols their systems are transmitting on and consider a VPN service that also provides coverage for those or at the very least disable those that are unused," Manzuik advised.

It's also worth noting that VPN technology was not designed to offer privacy so much as to offer a more secure way to connect to an organization's internal network infrastructure via untrusted networks, he pointed out.

"Even with a well-configured VPN in place," Manzuik said, "there are other methods to identify a user and violate their perceived privacy."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags NetworkingsecurityQueen Mary University of Londonmobile securityvpnSapienza University of Romeencryption

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments