While the internet has shaped the way we communicate, its ease of access and convenience comes with a price. WIthout any online protection, we leave ourselves open to frauds, theft and property theft. Without a doubt, privacy and vigilance go hand in hand to keep yourself safe. That is the subtle reason online privacy tools are an extream need to protect your identity and data online.
By nature, the VPN is a source of security and reliance for multiple companies and individuals fighting the war against global geo-restrictions. But with a recent glitch, VPNs are under serious heat. The history of a Virtual Private Network VPN can be vouched for as it adds an extra layer of security to our networks and with time the encryption and protocols used were tweaked to withstand any possible hacks or attacks until VORACLE Happened.
VORACLE is a recently developed threat that surfaced the forums making multiple VPN services alarmed with its presence. Let’s look under the hood and find how this is a possible threat and where will it impact the most.
Tech security researcher Ahamed Nafeez came with this new attack at recent Black Hat and DEF CON security conferences. VORACLE is a mix of BREACH, CRIME, and TIME. These are all cryptographic attacks that decrypt HTTP traffic delivered through VPNs in-built OpenVPN protocols. The attack takes advantage as the OpenVPN uses the default setting to compress all data before it encrypts it with TLS.
This is penetrated by repeatedly adding plain text information data packets before the compression happens and then recovers the flowing traffic. With this, the hacker can measure the packet length to compare it to brute force potential value. This a gist, it will allow obtaining session cookies or session data of the user.
Because the VORACLE makes use of plain text information inserted into the data before encryption happens and can see it after it has been encrypted. This is often derived often by engaging users to HTTP websites which are either controlled by the attacker or where the malicious code will be implanted. This is further avoided if the user is using Chrome as it only recognizes and allows HTTPS requests. That being said, it would be hard for VORACLE attack to make its way successfully.
Initiating a VORACLE attack accounts for different variables that are not easily implemented but for starters, the attacker and the user have to be on the same network, and the target should be on an ‘HTTP’ connection. But if the target is using Chrome browser, then that can be a problem as Chrome rejects HTTP requests and only accept HTTPS.
Next, the attacker engages the target to HTTP website which is controlled by the attacker and the target should be involved with OpenVPN while the compression takes place. The HTTP website will be injected with variable data to the encrypted stream of data between the VPN and the browser. After the variables are set in place, the attacker can easily take charge of the VPN account, and it's logging sessions until it is disconnected. Within this takeover period, the hacker/attacker can easily change password depending on the amount of security the VPN provider has enabled.
Before VORAClE attack happens, few things need to be adjusted and taken care of, and it is possible to stop the attack from taking place.
Avoid All HTTP Websites
VORACLE works only on HTTP websites as HTTPS traffic is immune to VORACLE. We open and click on multiple websites or pages on a daily basis without knowing the source and credibility of the site. VORACLE attacks don’t function on the data which is already encrypted before the compression; this allows the HTTPS websites to stay secure.
Change OpenVPN Protocols on all devices
The attack is designed to penetrate and work on OpenVPN protocol as the people behind this project decided to add a clear warning in the documentation in respect to the dangers of using pre-encryption documentation. They did not change the OpenVPN's default setting as its process is part of the VPN tunneling. Instead, switch off this protocol in your VPN provider which allows this option.
Make use of Google Chrome/Chromium as a Fail Safe
Different VPNs have different ways of coping with the protocols. Some of the protocols are mandatory, and you cannot switch them off no matter what. If that is the case, then you can use Google Chrome/Chromium as these browsers split HTTP requests defining them into header and body and not including them as a single data packet.
Having a VPN can be relieving but with VORACLE, things have taken a U-turn and now seems like a VPN need to step up its security protocols. With the recent VORACLE threat, multiple VPN providers are shaken by it and trying to implement new changes to prevent it. Until your VPN provider provides a solid proof regarding the issue. Why not safeguard your privacy yourself?
Go through the blog and make your VPN security VOACLE proof.
By nature, the VPN is a source of security and reliance for multiple companies and individuals fighting the war against global geo-restrictions. But with a recent glitch, VPNs are under serious heat. The history of a Virtual Private Network VPN can be vouched for as it adds an extra layer of security to our networks and with time the encryption and protocols used were tweaked to withstand any possible hacks or attacks until VORACLE Happened.
VORACLE is a recently developed threat that surfaced the forums making multiple VPN services alarmed with its presence. Let’s look under the hood and find how this is a possible threat and where will it impact the most.
What is a VORACLE Attack?
Tech security researcher Ahamed Nafeez came with this new attack at recent Black Hat and DEF CON security conferences. VORACLE is a mix of BREACH, CRIME, and TIME. These are all cryptographic attacks that decrypt HTTP traffic delivered through VPNs in-built OpenVPN protocols. The attack takes advantage as the OpenVPN uses the default setting to compress all data before it encrypts it with TLS.
This is penetrated by repeatedly adding plain text information data packets before the compression happens and then recovers the flowing traffic. With this, the hacker can measure the packet length to compare it to brute force potential value. This a gist, it will allow obtaining session cookies or session data of the user.
Because the VORACLE makes use of plain text information inserted into the data before encryption happens and can see it after it has been encrypted. This is often derived often by engaging users to HTTP websites which are either controlled by the attacker or where the malicious code will be implanted. This is further avoided if the user is using Chrome as it only recognizes and allows HTTPS requests. That being said, it would be hard for VORACLE attack to make its way successfully.
How the Attack Takes Place - Decrypt HTTP traffic sent via VPNs
Initiating a VORACLE attack accounts for different variables that are not easily implemented but for starters, the attacker and the user have to be on the same network, and the target should be on an ‘HTTP’ connection. But if the target is using Chrome browser, then that can be a problem as Chrome rejects HTTP requests and only accept HTTPS.
Next, the attacker engages the target to HTTP website which is controlled by the attacker and the target should be involved with OpenVPN while the compression takes place. The HTTP website will be injected with variable data to the encrypted stream of data between the VPN and the browser. After the variables are set in place, the attacker can easily take charge of the VPN account, and it's logging sessions until it is disconnected. Within this takeover period, the hacker/attacker can easily change password depending on the amount of security the VPN provider has enabled.
What is the Solution to VORACLE?
Before VORAClE attack happens, few things need to be adjusted and taken care of, and it is possible to stop the attack from taking place.
Avoid All HTTP Websites
VORACLE works only on HTTP websites as HTTPS traffic is immune to VORACLE. We open and click on multiple websites or pages on a daily basis without knowing the source and credibility of the site. VORACLE attacks don’t function on the data which is already encrypted before the compression; this allows the HTTPS websites to stay secure.
Change OpenVPN Protocols on all devices
The attack is designed to penetrate and work on OpenVPN protocol as the people behind this project decided to add a clear warning in the documentation in respect to the dangers of using pre-encryption documentation. They did not change the OpenVPN's default setting as its process is part of the VPN tunneling. Instead, switch off this protocol in your VPN provider which allows this option.
Make use of Google Chrome/Chromium as a Fail Safe
Different VPNs have different ways of coping with the protocols. Some of the protocols are mandatory, and you cannot switch them off no matter what. If that is the case, then you can use Google Chrome/Chromium as these browsers split HTTP requests defining them into header and body and not including them as a single data packet.
Words of Wisdom
Having a VPN can be relieving but with VORACLE, things have taken a U-turn and now seems like a VPN need to step up its security protocols. With the recent VORACLE threat, multiple VPN providers are shaken by it and trying to implement new changes to prevent it. Until your VPN provider provides a solid proof regarding the issue. Why not safeguard your privacy yourself?
Go through the blog and make your VPN security VOACLE proof.
- SAP Managed Tags:
7 Comments
