New 'TunnelVision' Exploit Threatens VPN Security Globally

Researchers uncover a method that could bypass VPN encryption, potentially exposing user data since 2002.

The exploit, named TunnelVision, manipulates DHCP to reroute encrypted VPN traffic, allowing attackers to view unencrypted data.
Despite its potential, there are no confirmed cases of active exploitation of the TunnelVision vulnerability in the wild.
TunnelVision affects all major operating systems except Android, which does not support the exploitable DHCP option.
Mitigation strategies include using network namespaces on Linux and configuring VPN clients to block suspicious DHCP configurations.
Security experts urge VPN users to exercise caution on public networks and advocate for software updates to address the flaw.