您的 IP 地址: 未知 · 您当前的状态: 受保护未受保护的未知

NordVPN

在线安全性和私密性

NordPass

密码管理

NordPass Business

企业密码安全整体方案

NordLocker

云存储加密

博客 Service Updates

NordVPN safe from new VORACLE VPN hack

Daniel Markuson

Daniel Markuson

Aug 17, 2018 · 2 min read

facebook Facebook
twitter Twitter
Copy link Copy link
NordVPN safe from new VORACLE VPN hack

A new security vulnerability has just been revealed that could affect NordVPN and other leading VPN providers, making it possible for sophisticated hackers to gradually piece together the target’s traffic. Fortunately, we have already eliminated the vulnerability from our system.

The vulnerability was revealed in early August at the Black Hat conference in Las Vegas by security researcher Ahamed Nafeez. He created a tool called VORACLE that could potentially target any VPN that used the OpenVPN protocol. That option is and continues to be available to NordVPN users because the vulnerability has been sealed.

How the VORACLE hack works

The VORACLE vulnerability is based on a number of hacks that were initially addressed and sealed in 2012 and 2013. It all starts with the OpenVPN protocol.

By default, OpenVPN compresses data before encrypting it. By adding tiny bits of known data to the unknown data before it is encrypted, VORACLE can eventually discover the session key for that encrypted conversation. This would then give the hacker the ability to unlock the conversation and read it.

However, initiating the attack isn’t exactly easy. The attacker needs to ensure a perfect storm of variables to be able to violate your encrypted tunnel:

  1. They need to be on the same network as you;
  2. You need to be using an HTTP connection;
  3. You need to be using a browser vulnerable to VORACLE (anything but Chrome);
  4. You need to visit a website that the hacker controls;
  5. You need to be using OpenVPN with compression engaged.

You should always be wary when browsing an HTTP website like in step 2, but step 4 should definitely jump out at you. If you’re visiting a site owned or compromised by the attacker, they’ll already have a wealth of options at their disposal for attacking you (see how in our post all about hacking methods). Instead of just attacking you through there, they’d need a reason specifically to break into your encrypted tunnel, which will reduce the number of cases in which this tool will be the hacker’s weapon of choice.

How we fixed it

The core of the fix was as simple as they come – disable compression for OpenVPN in NordVPN. That’s why our tech team was able to patch up the vulnerability almost immediately. After that, we continued to test our service to ensure that the problem was fixed and that the fix didn’t have any negative effects. We were even pleased to find that the change had no negative effect on our service quality.

STATUS: NordVPN is SAFE from the VORACLE attack

facebook Facebook
twitter Twitter
Copy link Copy link
Daniel Markuson
Daniel Markuson success Verified author
Daniel is a digital privacy enthusiast and an Internet security expert. As the blog editor at NordVPN, Daniel loves to serve up generous helpings of news, stories, and tips to help people stay private and secure.
Next article
Next read WannaCry — how does it work, and is it still alive? Paul Black · Feb 09, 2022

Trending articles

Trending article
News · 3 min read What is Log4Shell and what kind of damage can it do? Carlos Martinez · Feb 04, 2022
Trending article
In Depth · 4 min read What to do if my YouTube account has been hacked Charles Whitmore · Feb 03, 2022
Trending article
News · 3 min read Can you trust cryptocurrency? Malcolm Higgins · Feb 14, 2022
Trending article
How-To · 3 min read WannaCry — how does it work, and is it still alive? Paul Black · Feb 09, 2022