There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

Especially on Apple gear, uni team says

A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated this week.

A team of academics – Nian Xue of New York University, Yashaswi Malla, Zihang Xia, and Christina Popper of New York University Abu Dhabi, and Mathy Vanhoef of imec-DistriNet and KU Leuven – on Tuesday explained how the attacks work, released proof-of-concept exploits, and reckoned "every VPN product is vulnerable on at least one device."

Their co-authored Usenix-accepted paper [PDF] has all the details. The researchers said they tested more than 60 VPN clients, and found that "all VPN apps" on iOS are vulnerable. Android appears to be most secure of the bunch.

Essentially, we're told, these flaws can be exploited to route a victim's network traffic outside of their secure VPN tunnel, allowing that traffic to be observed to some degree by snoopers on the local network at least. Exploitation requires a mix of skill and coercion, plus victims using vulnerable clients or configurations.

And bear in mind, if you're securely encrypting connections before they're sent through your VPN tunnel – such as using HTTPS to visit a website or SSH to manage a remote host – those connections should remain secure and encrypted even if redirected by these techniques; anything plain-text will be fair game. We're assuming here your secure connections can resist man-in-the-middle decryption attacks.

Here's what the boffins wrote on their TunnelCrack website:

We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable. The discovered vulnerabilities can be abused regardless of the security protocol used by the VPN.

The two attacks are called LocalNet and ServerIP.

To pull off a LocalNet attack, a spy has to create a Wi-Fi or Ethernet network and trick the victim into connecting to it — for example, by spoofing a Starbucks cafe wireless network. When the victim connects to the malicious network, the attacker assigns a public IP address and subnet to the victim's device.

Here's the clever little part: let's say the snoop wants to intercept your connection to the IPv4 address They assign the victim's device, say, As the research team put it, "because most VPNs allow direct access to the local network while using the VPN," what will happen is the victim's connection to will go directly there from, over the malicious network, rather than via the VPN tunnel, allowing it to be observed by the network's operator.

It's that simple. If you configure your VPN client to route local network connections directly, you may be at risk. Check for updates or advisories from your VPN app maker.

This oversight is being tracked using various CVEs, eg: CVE-2023-36672 in the macOS Clario VPN client through version; and CVE-2023-35838 in the WireGuard client 0.5.3 on Windows.

The second attack, dubbed ServerIP, is a bit more involved, and is again tracked by various CVEs, eg: CVE-2023-36673 in the macOS Avira Phantom VPN through version 2.23.1; and CVE-2023-36671 in the Clario VPN client as above.

Here's the explanation on how that works from the team:

In the ServerIP attack, we abuse the observation that many VPNs don't encrypt traffic towards the IP address of the VPN server. This is done to avoid re-encryption of packets.

As an example, say the VPN server is identified by the hostname and the real IP address of the VPN server is Let's assume the adversary wants to intercept traffic to which has IP address

The adversary first spoofs the DNS reply for to return the IP address, which equals the IP address of

The victim will then connect with the VPN server at To assure the victim still successfully creates a VPN connection, the adversary redirects this traffic to the real VPN server. While establishing the VPN connection, the victim will add a routing rule so that all traffic to the VPN server, in this case the spoofed IP address, is sent outside the VPN tunnel.

When the victim now visits, a web request is sent to Due to the routing rule just added, this request is sent outside the protected VPN tunnel.

The team has published instructions on how to manually test VPNs on their GitHub repository.

Vendors respond

The Register reached out to several of the vendors named in the paper, and their responses to VPN flaws and research were mixed.

Apple did not respond to The Register's inquiries. Microsoft also had no comment on the researchers' claims that Window's built-in VPN is vulnerable; it is not planning to release any fixes.

Ivanti, meanwhile, told us: "We are aware of the research. After investigating the attack vectors, we determined that a customer’s exposure depends on the configuration of their Ivanti Connect Secure appliance.

"We already had specific configurations built into the device that would block these attacks. We have provided technical information to our customers with steps outlined to ensure their device is configured properly."

Cisco on Tuesday issued an advisory, and warned TunnelCrack attacks affect Cisco Secure Client AnyConnect VPN for iOS regardless of client configuration. They also affect Cisco AnyConnect Secure Mobility Client for Linux, macOS, and Windows, as well as Cisco Secure Client for Linux, macOS and Windows — if they are deployed with an affected configuration.

Neither attack affects Cisco Secure Client AnyConnect for Android.

A Check Point spokesperson said the biz believes, "based on our most recent examinations, that these reports do not have a real impact on Check Point VPN clients." 

"Given default configurations and additional factors, this vulnerability is complicated to exploit and in any way not creating a risk to corporate data, resources, or employee credentials disclosure when using standard configuration of Check Point VPN clients," the spokesperson continued, adding that the vendor will continue to monitor the situation and create protections as necessary.

Mullvad issued a response to the TunnelCrack research on Wednesday, and said its VPN is "mostly unaffected."

"On Windows, Linux, macOS and Android we are not vulnerable to the LocalNet attack. We never leak traffic to public IPs outside the VPN tunnel. However, on iOS we are affected by this attack vector," according to the developers.

"The only solution we know against these leaks on iOS is to enable a flag called includeAllNetworks in iOS VPN terminology," Mullvad continued. "We have been aware of this flag for a long time, and we have wanted to enable it for just as long."

The issue: wireguard-go, which is the tunnel implementation that Mullvad and other WireGuard apps on iOS use, isn't compatible with includeAllNetworks.

We actually have been working on this for quite some time. But it is a pretty large task and we are not there yet

"We are currently replacing wireguard-go with something allowing us to enable this security feature," Mullvad continued. "We actually have been working on this for quite some time. But it is a pretty large task and we are not there yet."

ExpressVPN told us they verified it only affected the iOS app, and deployed a fix about a month ago. "We encourage users to update to the latest version of the ExpressVPN iOS app," the spokesperson said.

Additionally, when the iOS app detects any potential TunnelCrack activity, it displays a notification warning the user of the risk and recommending that they turn off local network access. 

"Users who want to proactively protect themselves from this risk can also do so in their Network Protection settings, by turning on 'block internet when VPN connection is interrupted' and turning off 'allow access to devices on local network'," Express VPN's spokesperson said.

Nord Security said TunnelCrack affects its macOS and iOS VPN clients. It also noted that the VPN leaks can only happen when routers use non-RFC1918 IP addresses, "which while rare, is an industry-wide issue."

They said have also taken steps to mitigate the issue, including dropping the "IKEv2/IPSec protocol support on our apps, discontinued support for iOS versions older than 14.2, and implemented the 'Invisibility on LAN' feature for macOS users, successfully securing their VPN connections," the spokesperson said. 

"In addition, warnings will be prompted for all users connected to unsafe networks, advising immediate disconnection and providing additional steps on how to secure themselves," they added.

Nord Security said it appreciated and thanked the researchers who found TunnelCrack, and "we also hope Apple will prioritize the swift resolution of bugs, which now prevent iOS VPN clients from the robust implementation of features that would help users mitigate these security risks."

Again, we'd like to point out that we have asked Apple if it plans to address TunnelCrack and have yet to hear back. We will update this story if and when we do. ®

More about


Send us news

Other stories you might like