Client-side Vulnerabilities in Commercial VPNs


Abstract in English

Internet users increasingly rely on commercial virtual private network (VPN) services to protect their security and privacy. The VPN services route the clients traffic over an encrypted tunnel to a VPN gateway in the cloud. Thus, they hide the clients real IP address from online services, and they also shield the users connections from perceived threats in the access networks. In this paper, we study the security of such commercial VPN services. The focus is on how the client applications set up VPN tunnels, and how the service providers instruct users to configure generic client software. We analyze common VPN protocols and implementations on Windows, macOS and Ubuntu. We find that the VPN clients have various configuration flaws, which an attacker can exploit to strip off traffic encryption or to bypass authentication of the VPN gateway. In some cases, the attacker can also steal the VPN users username and password. We suggest ways to mitigate each of the discovered vulnerabilities.

Download