TechSpot

Study discovers security vulnerabilities in 14 popular VPN services

  1. [parsehtml]<p><img src="http://www.techspot.com/images2/news/bigimage/2015/07/2015-07-02-image-27.jpg" /></p> <p>This week, researchers from Sapienza University of Rome and Queen Mary University of London published <a href="http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf">a study</a> detailing security vulnerabilities among 14 popular VPN service providers. While normally these services are seen as a secure way to transfer data over a public network or get onto blocked websites, some of them can actually reveal your entire browsing history. This is due to what the researchers describe as &quot;IPv6 traffic leakage&quot; and &quot;DNS hijacking.&quot;</p> <table class="article-table alt" style="font-size:0.8em;" width="100%"> <tbody> <tr class="title"> <th>Provider</th> <th>Countries</th> <th>Servers</th> <th>Technology</th> <th>DNS</th> <th>IPv6-leak</th> <th>DNS hijacking</th> </tr> <tr> <td>Hide My ***</td> <td>62</td> <td>641</td> <td>OpenVPN, PPTP</td> <td>OpenDNS</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>IPVanish</td> <td>51</td> <td>135</td> <td>OpenVPN</td> <td>Private</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>Astrill</td> <td>49</td> <td>163</td> <td>OpenVPN, L2TP, PPTP</td> <td>Private</td> <td><span style="color:#FF0000;">Y</span></td> <td>N</td> </tr> <tr> <td>ExpressVPN</td> <td>45</td> <td>71</td> <td>OpenVPN, L2TP, PPTP</td> <td>Google DNS, Choopa Geo DNS</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>StrongVPN</td> <td>19</td> <td>354</td> <td>OpenVPN, PPTP</td> <td>Private</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>PureVPN</td> <td>18</td> <td>131</td> <td>OpenVPN, L2TP, PPTP</td> <td>OpenDNS, Google DNS, Others</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>TorGuard</td> <td>17</td> <td>19</td> <td>OpenVPN</td> <td>Google DNS</td> <td>N</td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>AirVPN</td> <td>15</td> <td>58</td> <td>OpenVPN</td> <td>Private</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>Private Internet Access</td> <td>10</td> <td>18</td> <td>OpenVPN, L2TP, PPTP</td> <td>Choopa Geo DNS</td> <td>N</td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>VyprVPN</td> <td>8</td> <td>42</td> <td>OpenVPN, L2TP, PPTP</td> <td>Private (VyprDNS)</td> <td>N</td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>Tunnelbear</td> <td>8</td> <td>8</td> <td>OpenVPN</td> <td>Google DNS</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>proXPN</td> <td>4</td> <td>20</td> <td>OpenVPN, PPTP</td> <td>Google DNS</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>Mullvad</td> <td>4</td> <td>16</td> <td>OpenVPN</td> <td>Private</td> <td>N</td> <td><span style="color:#FF0000;">Y</span></td> </tr> <tr> <td>Hotspot Shield Elite</td> <td>3</td> <td>10</td> <td>OpenVPN</td> <td>Google DNS</td> <td><span style="color:#FF0000;">Y</span></td> <td><span style="color:#FF0000;">Y</span></td> </tr> </tbody> </table> <p>Out of the 14 VPN services covered by the study, 10 were vulnerable to IPv6 leaks and only one was safe from DNS hijacking. None of the VPN providers were secured against both IPv6 leaks and DNS hijacking.</p> <p>The issues stem from the VPN providers manipulating the IPv4 routing table but ignoring the IPv6 table. Plus, the paper notes the VPN tunnel protocol PPTP, which is common among the VPN service providers, is particularly vulnerable.</p> <p>To end the traffic leakage, the researchers suggest the providers ensure their IPv6 table captures all traffic. Additionally, a change should be made to the VPN tunnel protocol so it secures the DNS. Hopefully, the critiqued VPN providers will take notice of the research and swiftly address the security flaws.</p> <p class="grey">Header Image: <a href="http://www.shutterstock.com/pic-282572594/stock-photo-grey-keyboard-green-enter-button-vpn-lock-symbol.html?src=BvfkAlU8b5fy4RziVN2c3g-1-9">Shutterstock</a></p><p><a rel='alternate' href='http://www.techspot.com/news/61224-study-discovers-security-vulnerabilities-14-popular-vpn-services.html' target='_blank'>Permalink to story.</a></p><p class='permalink'><a rel='alternate' href='http://www.techspot.com/news/61224-study-discovers-security-vulnerabilities-14-popular-vpn-services.html'>http://www.techspot.com/news/61224-study-discovers-security-vulnerabilities-14-popular-vpn-services.html</a></p>[/parsehtml]
     
  2. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,624   +377

    Am I right in thinking if your ISP isn't serving you on ipv6, you wouldn't be affected as you'd be operating exclusively on ipv4 routing?

    I know that doesn't mean they shouldn't fix this urgently but it won't be anywhere near as widespread short term impact at least...
     
  3. Evernessince

    Evernessince TS Evangelist Posts: 1,195   +592

    It doesn't really matter if one end of the connection uses IPv4 as your data is going to be accessible at some point on a IPv6 node making it's way to it's destination. I'm guessing most of these VPNs knew about this issue, IPv6 is becoming an increasingly important standard.
     
  4. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,624   +377

    I thought the biggest problem with ipv6 is that ipv4 routes entirely across ipv4? There was no bridging or translation. I.e. an ipv4 endpoint *cannot* contact a pure ipv6 endpoint AND an ipv4 endpoint cannot route across an ipv6 route?

    See this diagram. The *server* is ipv4. The incoming connections are translated from ipv6 to ipv4. NOT the other way around. I.e. the network box presented an ipv6 endpoint to the world.
    https://www.network-box.com/IPv4-IPv6Bridging

    There is no translation for for ipv4 traffic out from a client to an ipv6 endpoint and I believe this is the same for routing. This is precisely the reason why ipv6 has had slow adoption. Only people with ipv6 internet connections can access them (massively vast majority on ipv4 exclusively of course).
     
    Last edited: Jul 4, 2015
  5. Evernessince

    Evernessince TS Evangelist Posts: 1,195   +592

    I wasn't talking about translating IPv6 to IPv4. I was talking about network nodes (servers, backbone, ect) that support both IP versions (which should be quite allot until we fully finish the IPv6 conversion). If a client with IPv4 is connecting to a server that supports both IPv6 and 4 on a VPN, what would stop a hacker from accessing through the stated IPv6 leak?

    You original question

    "Am I right in thinking if your ISP isn't serving you on ipv6, you wouldn't be affected as you'd be operating exclusively on ipv4 routing?"

    My point was that the IPv6 hack doesn't target you at all, it targets the servers that you are connecting to that support both IPv6 and IPv4. You may be connecting by IPv4 but the server has an two addresses, one v4 and one v6.
     
  6. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,624   +377

    The ipv4 traffic wouldn't be leaked tho...
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...