Researchers find ‘Port Shadow’ flaws in VPN platforms

A team of university researchers discovered a fundamental set of vulnerabilities in the way popular VPN platforms operate.

The researchers said the vulnerability, dubbed “Port Shadow,” allows a man-in-the-middle condition where an attacker could potentially intercept, de-anonymize, and decrypt VPN traffic.

The joint effort saw researchers from Citizen Lab, University of Michigan, Arizona State University, and University of New Mexico team up to uncover a vulnerability in the way VPNs handle network connection tracking.

“It enables efficient management of connections across various kernel threads and processes within the system,” the researchers explained.

“Yet, this approach also introduces shared states that, if not properly managed, can pose potential security risks to any applications dependent on the framework.”

The problem, the team said, is that in some cases the VPN platforms do not properly isolate these connections from one another. Should an attacker be able to manipulate the connection tracking table, they would effectively be able to re-route the traffic of other users to their own.

In practice, this means that the threat actor would effectively be able to snoop on non-encrypted traffic and potentially gain the ability to decrypt secured traffic and obtain even more sensitive information.

The researchers noted that, unlike previous attacks on VPNs, the threat actor does not need to completely take over the VPN itself or already have man-in-the-middle access. In fact, they said the procedure could be performed with a user-level account.

Adding to the danger is the fact that the flaw appears to be nearly universal as it preys on the basic operations of the VPN.

“The broad applicability of the port shadow across configurations indicates that the vulnerability lies not within any specific VPN protocol, but rather in the underlying systems that facilitate VPN operations,” the team noted.

Such a vulnerability could have an international impact. While cybercriminals and threat actors would of course want to capitalize on the flaw, exploiting VPNs could be particularly attractive to oppressive governments.

The ability to compromise a VPN could be extremely useful for authorities in regions where the platforms are used by media and dissidents to circumvent government monitoring and censorship tools.
