Port Shadow VPN Attacks: Who’s at Risk and How to Stay Safe?
A team of researchers is warning of a vulnerability affecting VPN platforms that could make users “less secure in specific situations.”
Dubbed “Port Shadow,” the flaw could allow attackers to act as a man-in-the-middle between you and the VPN server you are connected to. This could allow them to intercept and decrypt your VPN traffic, reroute your DNS requests, and deanonymize your connection.
Before you panic, you should know that the best VPN services are not vulnerable because they are specifically designed to prevent third parties from exploiting this vulnerability.
The new Port Shadow study builds on research from 2021, meaning that VPN developers were largely aware of such a flaw. What is certain is that the new paper sheds new light on the importance of reliable VPN software.
The Dangers of Port Shadow
As the researchers explain in their paper, widely used VPN protocols (OpenVPN, WireGuard, OpenConnect) can be vulnerable to Port Shadow if they do not have the proper software infrastructure in place to prevent this flaw from being exploited. This virtually ensures that people using a poorly designed VPN service will actually be less secure instead.
“Port Shadow attacks pose a significant risk to user privacy,” Karolis Kaciulis, Leading System Engineer at Surfshark, told me. “The biggest threat is that malicious actors can intercept a user’s DNS requests and inject malicious DNS records in response. This manipulation allows attackers to redirect user traffic and potentially lead to further attacks.”
This is because the Port Shadow vulnerability allows attackers to attack other users connected to the same VPN servers, as they use a common port to establish the connection.
If you browse on a public Wi-Fi network without proper security, third parties may be able to spy on your unencrypted data, scan your port input, or even hijack your connection if the source port is not selected randomly.
DYK most #VPN services can actually make you less safe? Today @PET_Symposium Benjamin Mixon-Baca presents research done in collaboration with Citizen Lab on how VPNs can allow an attacker to act as an in-path router between you and the VPN server. The study… pic.twitter.com/qB89VsfqHQ (July 16, 2024)
As dangerous as it sounds, some VPN developers claim that in practice, exploiting this vulnerability is not as easy as it seems on paper.
“This attack method is not very practical as the attacker needs to know both the victim’s public IP address and the specific VPN server they are connected to,” said Samuele Kaplun, Ecosystem & VPN Lead at Proton VPN. “Given these requirements, we would be surprised if it were successfully exploited in the wild.”
Lauren Hendry Parsons, a spokesperson for ExpressVPN, shares a similar sentiment. “There are multiple conditions that need to be met for you to be vulnerable to it,” she said. “The way we assess it is that it’s essentially a lab-based attack: in theory, you could extend it to any commodity VPN provider, but in reality, it’s hard to pull off and it’s not really clear what you’re getting out of it.”
How to Protect Yourself from Port Shadow Attacks
As mentioned earlier, most reputable VPN providers have already developed their software to successfully neutralize Port Shadow attacks.
As the research report states: “We found that some VPN services operating over OpenVPN or WireGuard protocols are not susceptible to CVE-2021-3773, including NordVPN, ExpressVPN, and Surfshark.” In addition to these services, Proton also confirmed to TechRadar that its VPN is not affected.
So, what are these VPN providers doing to protect you from Port Shadow attacks? And, more importantly, what can you do to further improve your VPN security?
Use a reliable VPN
The most secure VPN providers are built to use distinct incoming and outgoing IP addresses. As Proton VPN’s Kaplun explains, this prevents the creation of connection tracking between IPs, which is essential to carrying out the attack.
ExpressVPN’s Parsons commented: “This is an industry best practice: it improves user privacy by preventing websites or ISPs from linking their activities to specific individuals.”
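For anyone running their own VPN server, the distinct entry and exit address design described above can be checked against the server's NAT rules. The following is an added example, not code from the article, the researchers or any provider; the rule set, addresses and the function name `audit_exit_addresses` are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: `iptables-save -t nat` output from a hypothetical VPN server.
# 198.51.100.10 is the address clients connect to (the entry address).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 198.51.100.10
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j SNAT --to-source 198.51.100.77:1024-65535
-A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def audit_exit_addresses(rules_text, entry_ip):
    """Return (verdict, rule) pairs for each POSTROUTING NAT rule.

    'shared'   exit address equals the entry address
    'distinct' exit address differs from the entry address
    'review'   exit address is not fixed by the rule (MASQUERADE or a range)
    """
    entry = ipaddress.ip_address(entry_ip)
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "POSTROUTING"] or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        if target == "MASQUERADE":
            # Exit address is whatever the outgoing interface holds; check by hand.
            findings.append(("review", line))
        elif target == "SNAT" and "--to-source" in tokens:
            spec = tokens[tokens.index("--to-source") + 1]
            addr = spec.split(":")[0]   # drop optional :port-range (IPv4 form)
            if "-" in addr:             # address range, not a single exit IP
                findings.append(("review", line))
                continue
            same = ipaddress.ip_address(addr) == entry
            findings.append(("shared" if same else "distinct", line))
    return findings

if __name__ == "__main__":
    for verdict, rule in audit_exit_addresses(SAMPLE_RULES, "198.51.100.10"):
        print(f"{verdict:8} {rule}")
```

A `shared` verdict means clients enter and leave through the same address, which is the arrangement the providers quoted above say they avoid.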
Did you know?
A virtual private network (VPN) is security software that encrypts your internet connections to increase your online privacy by redirecting data leaving your device through a secure encrypted tunnel. Because you must connect to one of the servers to use the service, a VPN also spoofs your real IP address, allowing you to access otherwise geo-restricted content.
Pay attention to a reliable kill switch
A VPN kill switch is an extra layer of security that you should look out for, as it is designed to protect your data from accidental exposure and leaks. If your VPN connection drops, this advanced security feature will block your internet access until the connection to the VPN server is re-established.
The good news is that all of the top-rated VPNs offer this tool, with our favorite NordVPN having two kill switches to double the protection. So make sure to keep the kill switch option active at all times.
Get a dedicated IP for extra security
Since a shared IP is a major factor in being vulnerable to Port Shadow attacks, you can even completely eliminate the problem right at the source by getting a dedicated IP. As the name suggests, this provides an address that only you will ever use – a security feature offered by many providers, usually for an additional fee.
It’s worth reminding you that while it can further mitigate your risk, a dedicated IP isn’t strictly necessary if you’re using a reputable VPN. As NordVPN noted when I asked, “Our customers are safe no matter what.”
We test and review VPN services in the context of legal recreational use. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy abroad.
We do not support or tolerate the illegal or malicious use of VPN services. The consumption of paid pirate content is not endorsed or approved by Future Publishing.