VPNs are widely known for their benefits, including preventing location-based overcharging, safeguarding online privacy, and enabling access to geographically restricted content like foreign Netflix libraries. Historically, VPNs have been considered safe, but a new investigation by Top10VPN challenges this assumption.
Collaborating with security researcher Mathy Vanhoef, Top10VPN uncovered critical vulnerabilities impacting over 4 million systems. These include VPN servers, home routers, mobile servers, and CDN nodes, with high-profile companies like Meta and Tencent among those affected. The findings, set to be presented at the USENIX 2025 conference in Seattle, highlight flaws in key protocols—IP6IP6, GRE6, 4in6, and 6in4—designed to secure data transmission.
According to the research, these protocols fail to ensure sender identity matches the authorized VPN user profile. This weakness allows attackers to exploit one-way proxies, repeatedly gaining unauthorized access undetected. By sending data packets using compromised protocols, hackers can launch denial-of-service (DoS) attacks or infiltrate private networks to steal sensitive information.
To mitigate these risks, experts recommend additional security mechanisms like IPsec or WireGuard, which ensure end-to-end encryption. These tools limit the ability to access VPN traffic data, decryptable only by the d
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: