A new vulnerability has been discovered in Linux, Android, macOS and other Unix-based operating systems. Malicious parties could be able to hack VPN connections because of the vulnerability.
The research team ‘The Breakpointing Bad’, of the University of New Mexico, shared the findings. When a vulnerable endpoint uses a VPN connection, data can be injected to hijack the connection.
Full paper not yet available
In part of their paper, the three researchers from the university discuss the possible scenarios, the extensive tests and a number of possible solutions. According to the researchers, the complete paper will only be published once a solution has been found with which they themselves are satisfied. This is in order to prevent any consequences of the publication (e.g. a description of how the attacks can be carried out).
Earlier this year, Android was contacted to discuss the findings, after which action was taken. The researchers are of the opinion that this is not enough. Although the solution that Android came up with would work only if established that intercepted data was being sent, according to the researchers it would not prevent the possibility attacks being launched.
It is also mentioned that the attacks on Linux distributions are not possible on every version. Ubuntu 19.10 is an example of a well-known Linux version. Other affected distributions include Debian 10.2, MX Linux19, Fedora, and OpenBSD.