Should consumer users of Total and F-Secure VPN be concerned about the tunnel attack mentioned below
Accepted Answer
-
Hello @JOnes
Thank you for your post and drawing attention to this important safety issue.
We have investigated this issue carefully in recent times.
We have checked the situation with our VPN products and how they behave in this attack which utilizes the DHCP option 121.
Windows and Mac: With Windows and Mac versions, we utilize the operating system firewall to prevent traffic from leaking to outside of the VPN tunnel. This prevents network traffic from going to the routes set by the attacker.
Android: The Android operating system doesn't support the DHCP option 121 so it is not vulnerable.
iOS: On Apple iPhones and iPads our VPN utilizes the operating system's own VPN implementation and is vulnerable to this issue. The operating system on those devices does support the DHCP option 121. Because of this, the attacker can hijack part of the traffic also when our VPN is turned on.
It appears that Apple is the only party who can fix this issue. We have reported this vulnerability to them already and we are waiting for their response.
We hope this information will be helpful.
Have a good one.
Pawel
Making every digital moment secure, for everyone