A new network technique has been discovered that allows attackers to redirect traffic off VPN tunnels using DHCP, resulting in unencrypted packets being snooped. Termed ‘decloaking,’ this technique can bypass kill switches without triggering alerts. An urgent call has been made for VPN providers to implement network namespaces to counter this threat. Errors in DHCP options and potential abuses have been highlighted, emphasizing the need for better security practices. A detailed explanation of low-level networking, VPN technology, and DHCP is provided in this article, with a proof-of-concept video demonstration. Concerns about surveillance and online safety are addressed, offering important insights into securing VPN connections.
https://www.leviathansecurity.com/blog/tunnelvision