New Security Concerns with VPNs: Major Vulnerabilities Exposed

VPN services are commonly relied upon for privacy, security, and accessing content from different regions. However, recent findings by Top10VPN and security researcher Mathy Vanhoef have raised significant concerns about the safety of VPNs. Their research, presented ahead of the USENIX 2025 conference in Seattle, reveals serious vulnerabilities affecting over 4 million systems globally, including VPN servers, home routers, mobile servers, and CDN nodes from major companies like Meta and Tencent.

The core issue lies within several tunneling protocols, including IP6IP6, GRE6, 4in6, and 6in4, which are supposed to secure data transmission. These protocols, however, contain exploitable flaws that attackers can use to gain unauthorized access to networks. Specifically, these vulnerabilities allow attackers to send data packets that bypass identity verification, leading to potential denial-of-service (DoS) attacks or even data breaches.
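As an added example (not code from the researchers or from this article), the following defender-side check reads the outer header of a raw IP packet, names which of the tunneling protocols listed above it carries, and flags it when the source is not a configured tunnel peer. The peer list, the helper names and the sample packets in the test are constructed for illustration; the protocol numbers are the IANA-assigned values.

```python
import ipaddress
import struct

# (outer IP version, IANA protocol number) -> name used in the article.
# 4 = IPv4 encapsulation, 41 = IPv6 encapsulation, 47 = GRE.
TUNNEL_NAMES = {
    (4, 41): "6in4",
    (6, 4): "4in6",
    (6, 41): "IP6IP6",
    (6, 47): "GRE6",
}
# Constructed allowlist of legitimate tunnel endpoints (documentation ranges).
PEERS = ["2001:db8:1::/64", "192.0.2.10/32"]

def classify(packet: bytes):
    """Return (tunnel name or None, source address) for a raw IP packet."""
    version = packet[0] >> 4 if packet else 0
    if version == 4 and len(packet) >= 20:
        proto = packet[9]                       # Protocol field
        src = ipaddress.ip_address(packet[12:16])
    elif version == 6 and len(packet) >= 40:
        proto = packet[6]                       # Next Header (extension headers not walked)
        src = ipaddress.ip_address(packet[8:24])
    else:
        raise ValueError("not a complete IPv4/IPv6 header")
    return TUNNEL_NAMES.get((version, proto)), src

def check(packet: bytes, peers=PEERS) -> str:
    """Flag tunnel packets whose outer source is not a configured peer."""
    name, src = classify(packet)
    if name is None:
        return "not-tunnel"
    # Membership is False when address and network families differ.
    trusted = any(src in ipaddress.ip_network(p) for p in peers)
    return f"{name}:{'peer' if trusted else 'UNEXPECTED-SOURCE'}"

def ipv4(src: str, dst: str, proto: int) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum zero)."""
    pack = ipaddress.ip_address
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       pack(src).packed, pack(dst).packed)

def ipv6(src: str, dst: str, nxt: int) -> bytes:
    """Build a minimal 40-byte IPv6 header (constructed sample, no payload)."""
    pack = ipaddress.ip_address
    return struct.pack("!IHBB16s16s", 0x60000000, 0, nxt, 64,
                       pack(src).packed, pack(dst).packed)
```

A source-address match only shows that the packet claims to come from a peer; these protocols carry no authentication, so the allowlist narrows exposure but does not replace an authenticated tunnel.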

To mitigate these risks, the researchers suggest using more secure alternatives like IPsec or WireGuard, which offer end-to-end encryption, ensuring only the server can decrypt and read the data. VPN providers affected by these vulnerabilities span several countries, including the US, Brazil, China, France, and Japan.

This discovery serves as a reminder that, despite their many benefits, VPNs are not immune to security issues. Users are encouraged to take extra precautions when choosing VPN services and stay informed about any emerging vulnerabilities.