Skip to content
Search
Close search
Menu
Home News TunnelVision Vulnerability 

What is it? 

TunnelVision is a new security vulnerability that affects VPN applications. It allows attackers to steal data that should be encrypted by the VPN. The vulnerability exists because of a setting called DHCP option 121, which can be used to manipulate routing rules. This diverts traffic away from the VPN’s encrypted tunnel. 

How does it work? 

Attackers can exploit the TunnelVision vulnerability by setting up a rogue DHCP server on the same network as the victim. The rogue DHCP server will then send a message to the victim’s device, telling it to use the rogue server for DNS resolution. Once the victim’s device is using the rogue server, the attacker can intercept and decrypt all of the victim’s traffic. 

What are the risks? 

The TunnelVision vulnerability is a serious security risk. It can be used to steal sensitive data, such as credit card numbers, passwords, and personal information. It can also be used to spy on victims’ communications and track their online activity. 

How can I protect myself? 

There are a few things you can do to protect yourself from the TunnelVision vulnerability: 

  • Use a VPN that is known to be secure. 
  • Keep your VPN software up to date. 
  • Be careful about what networks you connect to. 
  • Use a firewall. 
  • Be aware of the risks of using public Wi-Fi. 
  • What should I do if I’ve been a victim? 

If you think you may have been a victim of the TunnelVision vulnerability, you should take the following steps: 

  • Change your passwords. 
  • Scan your devices for malware. 
  • Contact your VPN provider for support. 

Additional resources 

TunnelVision: How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak 

Novel attack against virtually all VPN apps neuters their entire purpose 

13.05.24
Threat Intelligence Alerts
Mike Smith
Written by
Mike Smith
Incident Response & Threat Intelligence Manager

Related articles