In August 2018, security researcher Ahamed Nafeez disclosed a new vulnerability in the OpenVPN protocol. He called it “Voracle”, and it can target essentially any VPN connection that uses this protocol. Even though the attacker needs several other conditions in place to pull off the attack, the three major VPN vendors NordVPN, ExpressVPN and TunnelBear came out with an easy fix a few days after the attack was published. Is this something you should be afraid of as a VPN user?
How Does the Voracle VPN Hack Work
The problem is in the compression used by default in the OpenVPN protocol. And most of the major VPNs use OpenVPN.
It compresses all the data before it is encrypted. If the attacker injects known data into the traffic before it is compressed and encrypted, the size of the encrypted output reveals how well that data compressed together with the victim's secrets, and he is eventually able to recover the plaintext and read the conversation between the client and the VPN server.
However, to be able to do this, several other conditions need to be met:
- The attacker needs to be on the same network as the victim
- The victim needs to use a plain HTTP connection and visit the attacker's website
- The victim can't be using Google Chrome, which somehow blocks the attacker
- The victim needs to be using a VPN with the OpenVPN protocol and compression enabled
How to Fix the Voracle Vulnerability
As you can guess, the fix on the vendor's side is quite simple: just disable compression in the OpenVPN protocol. And that's what NordVPN, ExpressVPN, and TunnelBear all did.
It's not clear whether disabling compression leads to decreased performance and connection speeds. At this point we are also not sure how many other VPN vendors have actually fixed this vulnerability. If you are aware of any others, just comment below and we will be happy to update the post.
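As an added example (not from this post or from any of the vendors named), here is a small Python check that flags the OpenVPN configuration directives that turn payload compression on, so a user or administrator can confirm that a client profile actually has the fix applied. The two sample profiles and the host name in them are constructed for the demo.

```python
import re
from typing import Dict, List, Tuple

# OpenVPN directives that control compression. 'comp-lzo' with no argument
# defaults to adaptive; 'comp-lzo no' and a bare 'compress' keep only the
# compression framing, so the payload itself is not compressed.
# 'allow-compression no' (OpenVPN 2.5+) refuses compression even when pushed.
COMPRESSING_ALGOS = {"lzo", "lz4", "lz4-v2"}

def _strip_comment(line: str) -> str:
    """OpenVPN treats '#' and ';' as comment starters."""
    return re.split(r"[#;]", line, maxsplit=1)[0].strip()

def audit_compression(config: str) -> Dict[str, object]:
    """Return the lines that enable payload compression plus the allow-compression setting."""
    enabling: List[Tuple[int, str]] = []
    allow_compression = None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = _strip_comment(raw)
        if not line:
            continue
        # a server-side 'push "comp-lzo"' forces the directive onto clients
        pushed = re.match(r'push\s+"([^"]*)"', line)
        if pushed:
            line = pushed.group(1).strip()
        directive, *args = line.split()
        if directive == "comp-lzo" and (args[:1] or ["adaptive"])[0] != "no":
            enabling.append((lineno, raw.strip()))
        elif directive == "compress" and args and args[0] in COMPRESSING_ALGOS:
            enabling.append((lineno, raw.strip()))
        elif directive == "allow-compression" and args:
            allow_compression = args[0]
    return {
        "enabling_lines": enabling,
        "allow_compression": allow_compression,
        # compression is effectively on unless the client refuses it outright
        "compression_on": bool(enabling) and allow_compression != "no",
    }

# Constructed sample profiles (not from any vendor); the host is a placeholder
WEAK_CONFIG = """\
client
dev tun
remote vpn.example.invalid 1194
comp-lzo                          # adaptive LZO: payload is compressed
cipher AES-256-GCM
"""
FIXED_CONFIG = """\
client
dev tun
remote vpn.example.invalid 1194
comp-lzo no           # keep framing for older servers, but never compress
allow-compression no  # OpenVPN 2.5+: refuse compression even if pushed
cipher AES-256-GCM
"""
```

Run `audit_compression()` on a downloaded .ovpn profile; any entry in `enabling_lines` means the tunnel still compresses before encrypting.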
To learn more about Voracle, check out Ahamed's presentation “Voracle – Compression Oracle Attacks on VPN Tunnels”, which he gave at the Black Hat conference in Las Vegas in August 2018.