Jump to content
Not connected, Your IP: 3.145.102.18
Sign in to follow this  
Crewman6639

TunnelCrack

Recommended Posts

Posted ... (edited)

Is there any information regarding how/if airvpn is affected by the tunnelcrack vulnerabilities.

Sorry if there is info posted and I missed it.

Edited ... by Crewman6639
Spelling

Share this post


Link to post

Hello!

Paper of Tunnelcrack attack: https://www.usenix.org/system/files/usenixsecurity23-xue.pdf

First quick reply, we might add information in the future. The Tunnelcrack can be finalized with two different attacks: LocalNet and ServerIP, provided that:

  • the victim connects to a network fully controlled by the attacker (for Localnet attack)
  • the victim DNS queries are poisoned and the attacker has all the features of an "on path" attacker (for ServerIP attack)

 

LocalNet attack

If you are in a WiFi unencrypted or not trusted (even if encrypted) network, or you are in an untrusted network in general (including Ethernet) prevent LocalNet attack by not allowing communications within the local network. This is default option in Eddie's Network Lock (please make sure that Allow LAN is not checked in Preferences > Network Lock settings window), while the AirVPN Suite for Linux allows this traffic by default so do not use it in untrusted network until we implement the option to block local network. Eddie Android edition forbids local traffic by default but you can enable this option in the Settings. Make sure you do NOT enable it when the device is connected to an untrusted network.
 

ServerIP attack

ServerIP attack requires DNS poisoning/spoofing, so Eddie Desktop Edition and Bluetit/Goldcrest are immune. It's mainly up to the local system to use reliable DNS (consider DNS over TLS or DNS over HTTPS) and protect the queries, but for additional safety use profiles with only IP addresses, and not host names, if you run directly OpenVPN, WireGuard, Hummingbird, or any other software needing profiles. Our CG will generate profiles with country domain names, so avoid country selection but prefer single server selection, or secure your DNS queries. When you select specific servers, the CG will insert IP addresses for the servers and not names. Eddie Android edition and the AirVPN Suite resolve domain names if you order a connection to a country, so avoid this type of connection. It is planned that next release will no more use country domain names.

Once inside the VPN, ServerIP attack variation with "route hijack" (described in an old paper) fails in AirVPN (even if you query the VPN DNS) because the DNS server address matches the VPN gateway address.
 

TL;DR

The Tunnelcrack attack can be easily defeated by not allowing communications with the local network when you are in an untrusted network and by using secure DNS or direct IP addresses to point to VPN servers when you start the VPN connection. All of the above can be easily obtained with our service or it is already implemented by default.

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...