Security Researchers Raise Alarm Against Top VPN Services That Enable Hackers To Divert Traffic Outside VPN Tunnels

If you happen to be an avid user of VPN services for your business then you should definitely read further about an alarming threat linked to Cisco routers.

Security experts are having their says about how some major flaws were discovered in leading VPN service providers like Cisco, which put users and their data at risk through the hands of hackers.

The vulnerabilities end up diverting traffic out of VPN tunnels as confirmed in recently published research by a series of authors who hail from several universities around the globe. They went on to delineate how the loopholes affect classic Cisco routers and are now being dubbed as TunnelCrack.

The vulnerability is affecting a commonly used VPN service for iOS devices called Cisco Secure client, no matter what the user’s configuration may be.

The research that has been given the title of Bypassing Tunnels was shown to leak the traffic of clients using the VPN through abuse of the various routing tables. Moreover, the authors spoke about how the initial set of vulnerabilities that include LocalNet attacks may be exploited whenever someone links to Wi-Fi services that might not be trusted.

The other vulnerability set that is dubbed ServerIP attack could get exploited through untrusted Wi-Fi networks and internet service providers that are malicious in nature. Such attacks end up taking the routing table and tricking the user into believing that their traffic is being dealt with safely. But in all reality, it just continues to send the traffic out of the secure VPN tunnel. And in the end, this would cause an interception of traffic that has been transmitted.

After the study hit the public eye, people were just baffled as to what in the world is going on. We saw experts signal an alarm, causing Cisco to wake up and issue statements on the matter. They agreed on how such vulnerabilities could be taken for granted by hackers through traffic redirection.

They also outline how there was no need for a patch as they were working on fixing it by adding several new firewall rules which would solve the matter very soon.

The company issued a statement on the matter as panic was running at an all-time high. So many clients expressed concern and that’s when Cisco delineated how all those people that have configured clients in a manner that enables LAN access needed to follow some precautions.

They would now be required to apply firewall rules to only those resources that are deemed necessary.


Read next: Asia Pacific Becomes The Hardest Hit Region For Internet Restrictions As Nearly 89% Of The Population Experienced Them
Previous Post Next Post