VORACLE VPN Attack

Internet security is still evolving and a recent discovery by Ahmed Nafeez, a security researcher revealed that even VPNs are vulnerable. This discovery is worth panicking but not yet, first take your time and read the whole article. VORACLE is an attack that can recover data sent via a VPN. This data, however, must be using HTTP traffic.

VORACLE

VORACLE has been around for sometimes and what makes it somehow unique is that it uses a variation of cryptographic attacks. According to the researchers, earlier attacks could recover data from TSL encryption given that the data was compressed before the encryption. In 2012 and 2013, fixes were introduced, and people have had nothing to worry about when using HTTPS connections. But theoretically, according to Nafeez, the attacks are still valid and can even recover data from some VPN traffic. Like earlier attacks, VORACLE works on VPNs that compress and then encrypt HTTP traffic via TSL.

How VORACLE can recover data on VPNs

VORACLE attack can be used to leak secrets from pages and cookies that contain sensitive info. Here are conditions that must hold for the attack to be successful;

• Both the attacker and the user are on the same network.
• Your browser is vulnerable to VORACLE.
• You are using the HTTP connection.
• You are using OpenVPN with compression enabled.
• Lastly, you are accessing a hacker-controlled website.

From the above conditions, there are slim chances that the VORACLE attack could reveal your data unless maybe you are using public WIFI. That’s why we always advice you to stay away from public WIFI. Sometimes such as in this case, a VPN can be useless in a public WIFI.

Why the OpenVPN protocol

Most VPNs and experts regard OpenVPN as the most secure and reliable VPN protocol. But the researcher shocked everyone when he said that the VORACLE attack works with the OpenVPN protocol. Here is the reason why; OpenVPN compresses data before encrypting it.

Preventing VORACLE attacks

Good news, the VORACLE attacks can be avoided by simple measures. Since the attack relies on the OpenVPN protocol, users need to change to a non-OpenVPN protocol such as the IKEv2 or IPSec which are also secure. Users also need to avoid HTTP websites and use the ones with HTTPS. HTTPS traffic tunnelled through a VPN is immune to VORACLE. Lastly, the VORACLE attack is not viable in Chromium-based browsers such as Chrome. Unlike non-Chromium browsers, HTTP requests in Chromium browsers are split into header and body packets, and this makes the requests immune to VORACLE.

In a nutshell, to be safe, use a Chromium-based browser with a non-Open VPN protocol in your VPN when accessing HTTP sites. After all, you don’t have to panic.

Nafeez notified the OpenVPN project and some VPNs about the findings. OpenVPN project has now added a warning about using compression and then encrypting data in the OpenVPN protocol. Most reputable VPNs have also patched the pre-encryption compression while others have done away with the compression part.

For utmost security, check with your VPN service provider to see if their OpenVPN protocol is safe to use, you can’t afford to lose the speeds that are offered by OpenVPN.