This week, it was shown that snoops may utilize a few methods collectively known as TunnelCrack to compel victims’ network traffic to leave their encrypted VPNs under the correct conditions. All the information is contained in their jointly authored Usenix accepted paper (PDF). More than 60 VPN clients were examined by the researchers, who concluded that “all VPN apps” for iOS are susceptible. Of the group, Android seems to be the most secure.
On Tuesday, a group of academics led by Nian Xue of New York University, Yashaswi Malla, Zihang Xia, Christina Popper, and Mathy Vanhoef of imec-DistriNet and KU Leuven described the attacks’ mechanisms, shared proof-of-concept exploits, and concluded that “every VPN product is vulnerable on at least one device.”
[Read More…](Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping)