Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label VPN Leak. Show all posts

Android Spills Wi-Fi Traffic When VPNs Are Enabled

Regardless of whether the Block connections without VPN or Always-on VPN options are turned on, Mullvad VPN has found that Android leaks traffic each time the device links to a WiFi network. 

Source IP addresses, DNS lookups, HTTPS traffic, and most likely NTP traffic are among the items that are being leaked outside VPN tunnels. With the help of a VPN, encrypted data can flow anonymously and be untraceable between two sites on the internet. Consider passing a ping pong ball to someone else across a table as an example. The ball is freely available for third parties to take, manipulate, and return to their intended location. It would be far more difficult to intercept the ball if it were to roll through a tube. 

Information is difficult to obtain because data goes through VPNs similarly. The source and destination of the data packet are likewise obscured because it is encrypted. The Android platform was intentionally designed with this behavior. However, due to the erroneous description of the VPN Lockdown functionality in Android's documentation, users were probably unaware of this until now.

The finding was made by Mullvad VPN while conducting an unpublished security check. The supplier has submitted a feature request to Google's Issue Tracker to fix the problem. A Google developer, however, stated that the functionality was working as intended and that Google has no plans to change it.

"We have investigated the feature request you have raised, and we are pleased to inform you that everything is operating as intended. We don't believe there is a compelling reason to offer this because we don't believe most consumers would grasp it," the Google engineer added.

Unfortunately, Always-on VPN is not totally functioning as intended and contains a glaring weakness, according to a Swedish VPN company by the name of Mullvad. The issue is that Android will send a connectivity check, every now and then to see whether any nearby servers are offering a connection. Device information essential to connectivity checks includes IP addresses, HTTPS traffic, and DNS lookups. Even with Always-on VPN turned on, anyone monitoring a connectivity check could view bits of information about the device because none of this is encrypted since it doesn't travel over the VPN tunnel.

The traffic that escapes the VPN connection contains metadata from which critical de-anonymization information, such as the locations of WiFi access points, may be derived.

The blog post by Mullvad explains that "the connection check traffic could be observed and evaluated by the party controlling the interconnect check server and any entity noticing the network traffic. Even if the message only indicates that an Android device is connected, the metadata, which includes the source IP, can be used to derive additional information, especially when combined with information like WiFi access point locations."

People who use VPNs to shield themselves from persistent attacks would still perceive the risk to be high, even though this is difficult for inexperienced threat actors. Mullvad adds that even if the leaks are not rectified, Google has to at least update the documentation to accurately state that the Block connections without VPN function would not safeguard Connectivity Checks. 

Mullvad is still discussing the data leak's relevance with Google and has requested that they make it possible to turn off connectivity checks and reduce liability points. Notably, this option has the intended capability thanks to GrapheneOS, Android-based anonymity and safety os version that can only be utilized with a select few smartphone models.

21M Users' Personal Data Exposed on Telegram

 

A database containing the personal information and login passwords of 21 million individuals was exposed on a Telegram channel on May 7th, 2022, as per Hackread.com. The data of VPN customers was also exposed in the breach, including prominent VPNs like SuperVPN, GeckoVPN, and ChatVPN. 

The database was previously accessible for sale on the Dark Web last year, but it is now available for free on Telegram. The hacked documents contained 10GB of data and exposed 21 million unique records, according to VPNMentor analysts. The following details were included: 
  • Full names
  • Usernames
  • Country names
  • Billing details
  • Email addresses
  • Randomly generated password strings
  • Premium status and validity period
Further investigation revealed that the leaked passwords were all impossible to crack because they were all random, hashed, or salted without collision. Gmail accounts made up the majority of the email addresses (99.5 percent). 

However, vpnMentor researchers believe that the released data is merely a portion of the whole dump. For the time being, it's unknown whether the information was gained from a data breach or a malfunctioning server. In any case, the harm has been done, and users are now vulnerable to scams and prying eyes. The main reason people use VPNs is to maintain their anonymity and privacy. Because VPN customers' data is regarded more valuable, disclosing it has far-reaching effects. 

People whose information was exposed in this incident may be subjected to blackmail, phishing scams, or identity theft. Because of the exposure of personally identifiable information such as country names, billing information, usernames, and so on, they may launch targeted frauds. Threat actors can easily hijack their accounts and exploit their premium status after cracking their credentials. 

If the data falls into the hands of a despotic government that prohibits VPN use, VPN users may be arrested and detained. Users should change their VPN account password and use a mix of upper-lower case letters, symbols, numbers, and other characters for maximum account security.