Researchers developed TunnelVision, an attack that diverts VPN traffic outside the encrypted tunnel, compromising user privacy. This may have been exploitable since 2002.
TunnelVision allows attackers to read, drop, or modify traffic, bypassing VPN encryption. The attack manipulates DHCP settings to route data through the attacker's server for snooping.
Leviathan Security's technique involves running a DHCP server on the same network as the target to intercept VPN traffic, exposing vulnerabilities since users connect to a malicious gateway.
Collection
[
|
...
]