5.2 C
Amsterdam
Saturday, December 5, 2020

VORCLE – Recovering HTTP Data from VPN Connections Made Easy

Must read

How to install SuiteCRM on Ubuntu 20.04?

Hello, friends. In this post, learn how to install SuiteCRM on Ubuntu 20.04 SuiteCRM is an application that loads the sales, markets, and services administration...

How To Install Docker Swarm On Ubuntu 20.04

In this tutorial, you'll learn that how to Install Docker Swarm on Ubuntu 20.04. Docker Swarm is most popular tool that can be used...

How To Install Keeweb Password Manager On Ubuntu 20.04

Today we are going to learn that how to install KeeWeb Passwrod Manager On Ubuntu 20.04. KeeWeb Password Manager provides the best and easy...

How to change the MAC address in Windows 10

Hello! How are you? Today we will see how to change the MAC address on a computer with Windows 10. In fact, it is...

For protection, we all heard the name of VPN, right? VPN is a service that allows accessing the internet and leaving the lowest possible footprint of yourself, ensuring your privacy. However, a new method of attack can now recover HTTP traffic that you send through a secure (encrypted) VPN connection. Of course, under certain conditions, not in all cases!

The name of the attack is quite charming – VORACLE. The attack was discovered by security researcher Ahamed Nafeez. The finding about the attack was presented at the Black Hat and DEF CON security conferences.

What is VORACLE?

To be honest, VORACLE isn’t a brand new attack method. Instead, it’s a combo and variation of some already-existing older cryptographic attacks like BREACH, TIME and CRIME.

In the previous attacks, researchers discovered that data was recoverable from TLS-encrypted connections if the compression of data happened before encrypting. Fixes for those attacks were out in 2012 and 2013 and since then, HTTP connection was safe.

What Nafeez discovered that the theoretical points of those attacks are still valid in the case of some VPN traffic types. He pointed out that the VPN clients/services that compress the HTTP web traffic before the encryption as a part of the connection are still vulnerable to those older attacks.

VORACLE can decrypt HTTP traffic sent via VPNs

According to Nafeez, VORACLE still allows an attacker to decrypt the original content of the HTTP traffic that’s going through the VPN connection. He explains that the aim of this attack is to leak secrets like cookies, page with sensitive info etc.

Nafeez also pointed out that VORACLE only works against the VPN services/clients that use the OpenVPN protocol as their core. OpenVPN is open-source and uses a default setting – compressing all the data before encryption via TLS and later, sending it via the VPN tunnel. Thus, it satisfies the conditions of the old attacks – BREACH, TIME and CRIME.

VORACLE is preventable

Despite VORACLE is so dangerous, it is still preventable in a very simple way. For example, some VPN services/clients allow modifying this setting to switch to a non-OpenVPN protocol.

Second, when surfing the net, users can decide not to surf websites that only offer HTTP. Thus, by only browsing the HTTPS sites, even if the attacker gets their hand on the traffic, it won’t be understandable to them.

Third, the attack doesn’t seem to be working in the case of Chromium-based browsers that split the HTTP requests in multiple parts like header and body. It means that even if you access HTTP sites using Chrome and other Chrome-based browsers, you won’t be susceptible to VORACLE.

TunnelBear removed the compression support for its OpenVPN-based servers. Private Internet Access also confirmed that they disabled the pre-compression back in 2014.

Stay safe on the internet!

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

-

Latest article

How to install SuiteCRM on Ubuntu 20.04?

Hello, friends. In this post, learn how to install SuiteCRM on Ubuntu 20.04 SuiteCRM is an application that loads the sales, markets, and services administration...

How To Install Docker Swarm On Ubuntu 20.04

In this tutorial, you'll learn that how to Install Docker Swarm on Ubuntu 20.04. Docker Swarm is most popular tool that can be used...

How To Install Keeweb Password Manager On Ubuntu 20.04

Today we are going to learn that how to install KeeWeb Passwrod Manager On Ubuntu 20.04. KeeWeb Password Manager provides the best and easy...

How to change the MAC address in Windows 10

Hello! How are you? Today we will see how to change the MAC address on a computer with Windows 10. In fact, it is...

How To Configure Slave BIND DNS Server On Ubuntu 20.04

In our previous guide we covered the setup of Master(Primary) DNS Server. Here we'll learn that how to configure slave bind dns server on...
x