Study finds VPNs Vulnerable to a Certain Form of Cyberattack

| | , ,

Pandemic-induced lockdowns and restrictions led to a surge in the use of virtual private networks (VPNs). Though service providers like Call Spectrum provide excellent content, they still cannot replicate the freedom to browse the web like VPNs do.  

What is a Virtual Private Network?

A virtual private network or a VPN is a digital tool that disguises your IP address allowing you to send and receive data via a safe and secure virtual tunnel. It establishes a link between the user and their ISP’s data center, creating multiple ports for data to safely travel through them.  

However, a new report has found these private networks vulnerable to threats due to the hacker’s ability to hit their targets with fake data packets via the said private tunnels. The report states that hackers transmit fake data packets to random ports. These data packets are of various sizes.  

How Do Hackers Target VPN Users?

Cybercriminals have found new ways to infiltrate VPN networks. One such attack involves the use of fake data packers. Hackers send these outer data packets to various ports. If the VPN doesn’t recognize the size of the packets, it rejects them. However, when one of the packets hits the right port, it gains access to the network.  

Hackers behind the screens monitor the data packets that successfully make it through ports. They modify the source address of the data packets to trick the system into thinking that it is receiving something from the other end of the VPN tunnel. Hackers then use the infiltrators to successfully infect the targeted system with viruses and malware.  

IT experts believe such attacks are highly advanced and can’t be pulled off by amateurs. Cybersafety expert Gareth Tyson says a kid won’t be able to pull off such a high-level cyber attack. “It’s something that does require some dedicated effort, and in some cases a pretty powerful adversary,” he tells New Scientist. He went on to add that this type of attack is more likely to take place in authoritarian regimes. 

Who Discovered the Vulnerability?

A team of cybersecurity experts led by William Tolley unearthed the sophisticated attack. Tolley is the co-founder of Breakingpoint Bad. The organization works to uncover “technical security issues motivated by privacy, free speech, and human rights”. He says that the said Trojan horse attack could affect any VPN, referring to it as a “fundamental networking vulnerability”.  

Breakingpoint Bad emphasizes the importance of using VPNs to protect private information from hackers. The nonprofit states that its intent is “to provide technical expertise and capabilities to at-risk populations subjected to repressive and authoritarian control”.  

Breakingpoint Bad states it has raised the issue with several VPN solution providers but doesn’t expect all VPN companies to upgrade their security solutions to address the said vulnerability. Ars Technica reports similar inconvenience, saying that many VPN services did not meet patch requirements during 2020.    

How Many VPN Attacks Have Taken Place in Recent Years?

Cybersecurity experts have so far identified more than 9,000 attacks that infiltrated VPNs on systems. Tenable, a cybersecurity firm, explains the process of how hackers can bypass VPNs to target users. In the proposed attack, computer criminals send modified HTTP requests to systems “resulting in arbitrary code execution as well as the ability to reload the device, resulting in a denial of service (DoS)”.  

It is worth mentioning that VPNs won’t protect you against cyberattacks that can easily bypass your IP address. This could happen in cases where users visit unauthorized websites or try to download third-party applications. That dismisses the widespread notion that VPNs are the ultimate solution to cyberattacks like viruses and malware.  

Are VPN Attacks Avoidable?

Top cybersecurity bodies of the US, the UK, and Australia recently released a joint advisory. It was meant for VPNs and cloud-based technology users, including companies and businesses. They stated that four of the most common cyberattacks that took place in 2018-2020 targeted tech and tools that provided employees remote access to company systems.  

Breaking point Bad suggests avoiding VPNs to protect valuable information and data from government entities and rogue agencies. “’Our advice is to avoid VPNs if you’re trying to keep your information private from government entities, or something like that,” states Trolley. 

Y'berion Pyrokar
Latest posts by Y'berion Pyrokar (see all)

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.