Novel attack against virtually all VPN apps neuters their entire purpose
Researchers have devised an attack against nearly all virtual private network applications
but then further down:
The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user’s VPN runs on Linux or Android.
The researchers believe it affects all VPN applications when they’re connected to a hostile network …
Our technique is to run a DHCP server on the same network as a targeted VPN user …
If you are connected to a hostile network or the bad guys are on your network then your source IP is known to them anyway
I’m not going to delve too much into this after reading other comments, but wouldn’t an actually properly configured VPN, which control your device routes and use proper server authentication not care about any of this at all?
These sensationalist articles are ridiculous. Simply don’t use DHCP on the main host network interface. DHCP packets aren’t usually routable anyway.
Don’t connect to public networks with only a VPN app.
I use a router with built in VPN to act as a repeater for a public network (like hotels). Then it’s no different than being on your home network while using a VPN.
I never connect directly to an unsecured network with any PC or phone.
This has always been possible and quite common of an attack. Don’t even need to run a dhcp server. Just need to arpspoof as the gateway and then act as the gateway for the network you are on by forwarding all traffic to the actual gateway but can packet inspect and even MITM some ssl traffic if you want.
This attack works easily on basically all home and small business networks and if I’m understanding this article is effectively functionally the same thing. Nothing new here. Just new people learning of good old attacks that still work. 
If you get good networking hardware and managed switches you can detect and even block rogue dhcp servers and arpspoof attacks. But… it requires a bit of investment that most people won’t do.
Hint: I’ve done this on and off over the last 20+ years from time to time just to check if it works, still works.
Does it work on Fake Block?
Oh wow, nothing new was found and they published a paper about it. Any network you don’t own is a hostile network. Always assume you’re being watched when off home-grid.
Read this as “Novell” and got really confused
Here how this is NordVPNs sole fault!
There is a way to circumvent the issue of route injection. When a lease is issued that ip can be used by the client as a static bind after the lease is granted. Simply switching the client to use the issued ip statically would ignore any route offered by the 121 option.
So, Android is the only platform that has VPNs that are actually safe from this rather simple hack?
Only Androlid is secure?
Only Android?
Wow!
Glad I never spent money on a vpn.
even further down:
When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks.
2-4% of desktop users smiled.
Tldr - DHCP Options installing more specific routes via the physical interface. Traffic doesn’t hit the default route installed by the VPN service
That was very interesting! Thanks for linking to it.
Well the bad thing here is that you can no longer use a VPN as a trusted connection in public wifi hotspots. It doesn’t need to be a hostile network, just a public one.
It isn’t just that your IP is known, but that the connection never passes through the VPN at all - so it isn’t encrypted through the VPN’s tunnel.