VPN Hacking: How VPN's Work and How They Break Our Security

[Cartographer]

Welcome back, my aspiring cyberwarriors!




In recent posts, I have emphasized the risks inherent in VPN's. Virtual Private Networks or VPN's are designed to keep us safe and secure but in recent years they have failed us miserably. In highlighting these failings, we have encountered a lot of confusion and misconceptions regarding how VPN's actually work, much of it from so-called cybersecurity experts. In an attempt to clarify this confusion to both the beginner and expert, I am offering this series on VPN's. If you are taking a cybersecurity certification exam in the near future such as the Security+ or CISSP, this information will be invaluable as both exams( and nearly every other cybersecurity certification) requires that you understand how VPN's work and don't work.




There are at least two types of VPN's, the ones designed for consumers to keep you safe from attackers (you see their advertisements all over the web and TV) and the corporate style VPN from vendors such as Fortinet and Cisco. These VPN's are designed to enable remote employees to access the local area network, safely and securely.







Let's address the consumer level VPN that are supposed to keep you safe from attackers first.




Consumer-Level VPN




Consumer level VPN's are designed to encrypt the user's data and hide their IP address. The user installs a client software on their system and then connects through the VPN server to the Internet. The client software creates an encrypted "tunnel" between the user and the VPN. When the traffic leaves the VPN, it contains the IP address of the VPN server and not the end user, making it more difficult for attackers to identify and locate you.

This tunnel is effective in keeping your ISP from seeing your data and selling it data brokers and others. As for the protection against identifying you and your location, it is effective in hiding your IP address but web site owners and criminals use a newer techniques to identify you, such as your cookies and browser fingerprinting.




So, these consumer level VPN's are effective in hiding your IP address and your data but not your identity.







Corporate-Level VPN's







Corporate level VPN's are VPN's designed to enable remote workers to access the corporate local area network. They work similarly to the consumer level VPN but instead of providing access to the global internet, they give the end-user access to the corporate network. Just like the consumer level VPN, they encrypt the data between the end user and the VPN server. In this case, they are not intended to hide the identity of the end user as the VPN administrator has access to everyone's identity, username, and password.










The problem with using the VPN's is that vendors have been lax in the security of the VPN servers. If an attacker can access the VPN server, they can "see" all the traffic over the VPN as the server decrypts the traffic before sending through to the local area network. They do not need any credentials to do so once they have breached the server. You might think this is rare or unusual but let me dispel that idea by listing all the VPN vulnerabilities in the last year from the major vendors. Please see the table below.




Before I list the multitude of VPN vulnerabilities, let's point out a few facts;

1. Zscaler, a cloud-based cybersecurity company, did a survey of major companies regarding their VPN's. 91% of those surveyed said they are concerned about the risks in the VPN's, and 56% have been targets of cyberattacks against their VPN's. Ransomware attacks were the most common attack vector against the VPN's.2.
   
   
2. SoC Radar documented a 47% increase in VPN vulnerabilities in 2023
   
   
   
   
   
   
   
   Summary
   
   
   
   
   VPN's have been sold to the public and the cybersecurity community as a way to keep us safe and secure. Unfortunately, the companoes building these devices have been very lax in the development of these products and as a result, our trust in these products in misplaced.
   
   
   
   
   The concept of a VPN to enable our remote users to connect safely to the LAN is good one, it is just the implementation that is failing. The VPN software is buggy and full of vulnerabilities enabling attackers to take control of the VPN and see all the traffic.
   
   
   
   
   Thos VPN's being sold to the public to keep you "safe from attackers" is simply marketing fluff and hype. It will hide your IP and encrypt your traffic but this hardly adequate to keep you safe from attackers. Ask your neighbor who uses a VPN and was hacked.
   
   
   
   
   
   
   
   Major VPN Vulnerabilities Since January 1, 2024
   
   
   
   
   
   
   CVE Description