Finally, is there security with VPNs?

A team of five researchers from London and Rome found that 14 from the world's leading Virtual Private Servers (VPN) has leaked IP data.broken chain VPN

Vasile C. Perta, Marco V. Barbera, and Alessandro Mei of Rome's Sapienza University, along with Gareth Tyson, and Hamed Haddadi of Queen Mary University of London report that vendors promise to protect the privacy of their users not applicable.

"Although a well-known issue, an experimental study reveals that most VPN services suffer from IPv6 traffic leaks," say study authors A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients [PDF].

"Our findings confirm the criticality of the current situation: in many of these [14] providers, there are total leaks, or a critical part of user traffic in mild environments.

"The reasons for these shortcomings are different, and if nothing else vague, or their nature has been little explored."

The team reviewed top companies such as: Hide My Ass, PrivateInternetAccess, and IPVanish.

They have made OpenWrt IPv6 dual stack connections via IPv4 Wi-Fi networks with Ubuntu, Windows, OSX, iOS 7 and Android updates.

So they created a simulated environment where users trust VPNs to protect them from a hostile network.

All from provider Astrill were open to IPv6 DNS hijacking attacks and only four companies did not leak IPv6 data.

No company was resistant to both threats.

Researchers report:

“Our project initially started as a general investigation, but we soon discovered that there is a serious vulnerability, IPv6 traffic leakage, that is pervasive in almost all VPN services. A further security check revealed two DNS hijacking attacks that allowed us to obtain in all movements and circulation of the victim.”

The researchers found that the most common VPN tunneling technologies rely on outdated technologies such as PPTP with MS-CHAPv2, which could with brute-force attacks.

The "vast majority" of commercial VPNs, according to the researchers, suffer from dual stack data leakage into IPv4 and IPv6 networks in such a way that they expose "significant amounts" of traffic contrary to the claims of the supplier.

"The most important thing we found is that the small amount of IPv6 traffic that leaks outside the VPN channel has the potential to expose the entire history ς του χρήστη, ακόμη και αν σερφάρει μόνο σε IPv4 . "

“While all VPN clients use the IPv4 routing table, they tend to ignore the IPv6 routing table. In addition there are no rules to redirect IPv6 traffic to the tunnel. This can cause all IPv6 traffic to bypass the VPN virtual interface. Although it was not a serious issue a few years ago, the increasing amounts of traffic that now exist over IPv6 make it a critical issue. " The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).