Image default

TunnelVision hack allows attackers to bypass VPN protections

VPNImage: khunkornStudio/

Cybersecurity researchers have uncovered a vulnerability that could have huge consequences for VPNs and their users. 

The team at Leviathan Security revealed their findings in a blog post on their website and dubbed the exploit TunnelVision. They say that it can allow attackers to bypass VPN protections and expose user traffic — essentially rendering a VPN useless.

VPNs are one of the most popular and widely used security tools on the market. They play a critical role in securing the traffic and data of users.

In recent years, VPN providers have become household names thanks to their promises of online privacy and anonymity. A survey done by NordVPN found that nearly 33 percent, or one in three, Americans regularly use a VPN.

With that many users just in the U.S. alone, there is major cause for concern if this TunnelVision exploit is being used. And that’s entirely possible since, according to the security team, it’s been around since as early as 2002.

As described in the blog post, if an attacker has administrative control over the local network that a potential victim is trying to connect to, they can manipulate the DHCP server that allocates IP addresses. 

A setting known as option 121 then allows the DHCP server to override default routing rules that send VPN traffic through a local IP address, usually triggering an encrypted tunnel. If this happens, the attacker can allow all or just some of the data traveling across the DHCP server to be routed through the unencrypted tunnel instead. This traffic would then be viewable by the attacker.

In either case, the VPN application will continue to report that everything is normal and that all data is being sent through the protected connection.

Researchers admitted that there is no clear fix for the issue. Simply removing support for DHCP in theory could fix the vulnerability, but they admitted it’s not a viable option “because this could break internet connectivity in some legitimate cases.”

As of right now, the only operating system that is immune from this hack is the Android OS as it doesn’t use option 121. For all other OSes, there are no definite fixes.

While ExpressVPN has already stated that it’s confident its Network Lock kill-switch feature still protects users, those using other VPNs are left questioning how safe their VPN connection really is. 

In the meantime, the best thing users can do is to make sure that they only connect to trustworthy networks and limit their usage of that local coffee shop Wi-Fi until a fix is implemented.

Sam Singleton is a tech editor and PCWorld’s jack of all trades. When he’s not on the hunt for the best computer deals he’s covering VPNs, productivity software, laptops, and a wide gamut of consumer-grade hardware and software.

Recent stories by Sam Singleton:

Best VPNs for Android 2024: Our picks for phones and tabletsProtonVPN review: Great paid plan, even better free planTexans are denied adult sites — a good VPN is the answer

Related posts

TechCrunch Early Stage 2024 Women's Breakfast: Exploring AI's impact on founders


Red Hat formulates a plan for building enterprise mobile apps


Sony joins AllSeen Alliance to push for common ground in IoT


Leave a Comment