A research team has discovered a flaw in Unix-based operating systems, including Linux, Android, and macOS, which allows attackers to hijack and tamper with VPN connections.
The vulnerability lies in how these operating systems reply to unexpected network packets.
“[The flaw] allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website,” said the team in its report.
“Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections.”
Operating systems on which the team successfully exploited the vulnerability include:
- Ubuntu 19.10
- Debian 10.2
- Arch 2019.05
- Manjaro 18.1.1
- MX Linux 19
- Void Linux
- Slackware 14.2
The research team said that their attack worked against several popular VPN services, including OpenVPN, WireGuard, and IKEv2/IPSec.
“The VPN technology used does not seem to matter,” said the research team.
Jason A. Donenfeld, the creator of WireGuard, told ZDNet that the issue isn’t a WireGuard vulnerability, “but rather something in the routing table code and/or TCP code on affected operating systems.”