DEF CON Update: Researcher Shows How To Hack VPN Services Via VORACLE Attacks

in ahamednafeez •  6 years ago 


All of us think of VPNs as our savior when it comes to online privacy. VPNs play a vital role in protecting ourselves from potential hackers. But, what if the VPNs themselves get hacked? Another interesting report from DEF CON tells us how exploiting a compression algorithm against VPNs can increase VORACLE attacks.

VORACLE Attacks Can Result In VPN Compromise


At DEF CON, a researcher Ahamed Nafeez demonstrated a method to hack VPNs. However, it worked only in the case of HTTP connections, VPNs working with HTTPS remain safe from this attack.

As explained by Ahamed, the VORACLE attack involves exploiting compression algorithms to alter VPN encryption features. In other words, VORACLE is simply a Compression Oracle Attack on a VPN. VPNs working over the OpenVPN protocol first compress the user data transmitted between a user and the VPN server prior to encryption.

Nafeez explained his findings through a detailed presentation. Thankfully, conference officials have uploaded the presentation on the DEF CON media server.

VORACLE attacks process on VPN
Slide from Ahamed Nafeez's presentation delivered at DEF CON 2018, showing how an attacker could exploit VPN compression to access encryption keys.

VPNs Vulnerable To VORACLE Also Include Some Renowned Services


In his demonstration, Nafeez did not use any specific VPN. Rather he simply analysed the OpenVPN code to highlight the vulnerability. Yet, his findings hint that all VPNs using OpenVPN protocol are vulnerable to VORACLE attacks. These VPNs include some popular brands as well, including NordVPN, PureVPN, Private Internet Access, Hotspot Shield, and ExpressVPN. All these VPNs tend to compress user data before encryption.

Yet, TunnelBear currently remains safe from this vulnerability as it does not offer data compression.

Fortunately there is a little bit of a silver lining since most of websites today use SSL. Considering how CRIME (in 2012), TIME and BREACH attacks (in 2013) created problems with TLS protocols used by websites, HTTPS went through several changes and is now hardened to such attacks. Never the less, a number of websites still do not use HTTPS.

Nafeez went on to say:

“It is time everything moves to HTTPS. There is really no excuse for any website not to use it anymore.”
Though Google has already begun marking HTTP websites as “Not Secure”, many web links do not switch to HTTPS. Nafeez suggests that VPNs should stop compressing data before encryption, just as TunnelBear has done.

Let us know your thoughts on this in the comments section.


Posted from my blog with SteemPress : https://latesthackingnews.com/2018/08/14/def-con-update-researcher-shows-how-to-hack-vpn-services-via-voracle-attacks/

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Congratulations @twr! You have completed the following achievement on Steemit and have been rewarded with new badge(s) :

You published 4 posts in one day

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

Do you like SteemitBoard's project? Then Vote for its witness and get one more award!