Massive Security Hole In VPNs Shows Their Shortcomings As A Defensive Measure
CSO Online, Monday, May 6th, 2024
Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there.
A massive security hole in virtual private networks (VPNs) reported this week highlights the fact that they were never intended to fulfill a security function despite widespread use as a defensive feature, according to security experts.
The VPN security hole vulnerability, which can neither be patched nor meaningfully negated, was reported in a blog post by the Leviathan Security Group. The researchers outline a methodology dubbed TunnelVision that attackers can use to divert data within the VPN to a place where it can be read in clear text.