Jump to content
Not connected, Your IP: 3.237.178.126
Sign in to follow this  
IronConnection

AirVPN and VORACLE? (An attack used to decrypt HTTP traffic sent via VPNs)

Recommended Posts


 

"A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions.
The attack was discovered by security researcher Ahamed Nafeez, who presented his findings at the Black Hat and DEF CON security conferences held last week in Las Vegas."

 

Nafeez says his VORACLE attack only works against VPN services/clients built on top of the OpenVPN protocol.
The reason is that the open-source OpenVPN protocol uses a default setting that compresses all data before encrypting it via TLS and later sending it via the VPN tunnel —hence satisfying the conditions of the old CRIME, TIME, and BREACH attacks.

 
Source: https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/
 
Hello everyone, I've recently read that article above about this new attack called VORACLE that can possibly allow an attacker to recover data from HTTP traffic sent through a VPN.
I've searched these forums for anything mentioning voracle but no results so I'm starting this topic out of interest and concern, and some questions for AirVPN staff.
 
Is AirVPN completely protected from this new attack?
Or is this something that AirVPN needs to *address and what can/will be done, if not why?
What can AirVPN users do against this if anything or what are the exact steps to configure inside Eddie if anything?
 

UPDATE [August 16] An ExpressVPN spokesperson has told Bleeping Computer that their service has also disabled compression to prevent VORACLE attacks.

 
(*With the above quote in-mind does AirVPN need to do the same for its service?)
 
Appreciate any replies and interest in the matter. Thanks.

Share this post


Link to post

Hello!

 

The problem does not affect AirVPN, not even if you use a vulnerable browser. AirVPN has not been using compression since around 2013.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...