A new vulnerability that could allow attackers to hijack VPN connections on affected *nix devices and inject arbitrary data into IPv4 and IPv6 TCP streams has been discovered by security researchers.
The researchers disclosed the flaw, tracked as CVE-2019-14899, to Linux distro makers, the Linux kernel security team and other affected parties, including systemd, Google, Apple, OpenVPN and WireGuard.
As of now, the vulnerability is known to impact most Linux distributions as well as Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS and Android.
Linux security flaw
The vulnerability was discovered by William J. Tolley, Beau Kujath and Jedidiah R. Crandall who are all Breakpointing Bad researchers at the University of New Mexico. In a blog post revealing their discovery, Tolley provided more details on the security flaw, saying:
“I am reporting a vulnerability that exists on most Linux distros, and other *nix operating systems which allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website. Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections.”
Thankfully, the researchers also said that mitigation is possible by turning reverse path filtering on, by using bogon filtering to drop packets with fake IP addresses, or by using encrypted packet size and timing. Once they have settled on an appropriate workaround, the researchers also plan to publish a paper with an in-depth analysis of the vulnerability.
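As an added example (not code from the researchers or from any VPN project), the Python script below checks whether the reverse path filtering mitigation named above is actually in force on a Linux host: it reads rp_filter for each interface from /proc/sys/net/ipv4/conf, applies the kernel's rule that the larger of the all and per-interface values takes effect (so loose mode on one interface overrides a strict global setting), flags interfaces that are not in strict mode, and prints a sysctl.d fragment to correct them. The path and value meanings are the kernel's; the function names and the sample settings are my own constructions.

```python
"""Audit reverse path filtering (rp_filter), the mitigation named for
CVE-2019-14899, per interface and emit a sysctl.d fragment for gaps."""
import os

CONF_DIR = "/proc/sys/net/ipv4/conf"   # kernel exposes one rp_filter file per interface
OFF, STRICT, LOOSE = 0, 1, 2           # kernel rp_filter values


def effective_rp_filter(all_value, iface_value):
    """Kernel rule: the numerically larger of conf/all and conf/<iface> applies,
    so all=1 (strict) with iface=2 (loose) yields loose mode, not strict."""
    return max(all_value, iface_value)


def read_settings(conf_dir=CONF_DIR):
    """Return {name: rp_filter value} for every entry under conf_dir."""
    settings = {}
    for name in os.listdir(conf_dir):
        with open(os.path.join(conf_dir, name, "rp_filter")) as fh:
            settings[name] = int(fh.read().strip())
    return settings


def audit(settings):
    """Return {iface: effective mode} for interfaces not in strict mode.
    'all' and 'default' are policy knobs, and 'lo' is not a real uplink."""
    all_value = settings.get("all", OFF)
    weak = {}
    for name, value in settings.items():
        if name in ("all", "default", "lo"):
            continue
        mode = effective_rp_filter(all_value, value)
        if mode != STRICT:
            weak[name] = mode
    return weak


def sysctl_fragment(weak):
    """Render sysctl.d lines forcing strict mode globally and per flagged interface."""
    lines = ["net.ipv4.conf.all.rp_filter = 1"]
    lines += [f"net.ipv4.conf.{name}.rp_filter = 1" for name in sorted(weak)]
    return "\n".join(lines)


# Constructed sample: global filtering off, Wi-Fi uplink in loose mode, VPN tunnel
# unfiltered, wired interface already strict.
SAMPLE = {"all": 0, "default": 0, "lo": 0, "wlan0": 2, "tun0": 0, "eth0": 1}

if __name__ == "__main__":
    settings = read_settings() if os.path.isdir(CONF_DIR) else SAMPLE
    flagged = audit(settings)
    for name, mode in sorted(flagged.items()):
        print(f"{name}: effective rp_filter={mode}, want 1 (strict)")
    print(sysctl_fragment(flagged))
```

Strict mode drops packets whose source would not be routed back out the receiving interface, which is the behaviour that blocks the attacker's spoofed probes; confirm first that the host does not rely on asymmetric routing, which strict mode also breaks.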
“VPNs should ideally be seen and used as another tool in the cyber security toolkit, rather than something to use constantly. There have been a few stories mentioning breaches to VPN services this year, but I think they still have a role to play in data privacy.
The majority of people will not be directly targeted in this type of attack; however, they may be part of an untargeted breach of data if caught up in something like a simple man-in-the-middle attack in a public Wi-Fi zone. Where 4G is offered, this is far more secure than any public Wi-Fi for privacy and security reasons, although I do appreciate that some people will need to jump on public Wi-Fi in some circumstances. Naturally, C-Suite level personnel or similar should increase their security where necessary and use a variety of different protection methods.”