VPN Users Left Unsecured by Zero-day Flaw in Virgin Media Routers

Another vulnerability has been discovered that leaves users who use VPN connections in Virgin Media Routers.

VPN Users Left Unsecured by Zero-day Flaw in Virgin Media Routers
VPN Users Left Unsecured by Zero-day Flaw in Virgin Media Routers | Image credits: Financial Times

VPN customers' genuine IP addresses can be exposed by hackers exploiting a previously unknown Virgin Media Super Hub 3 router vulnerability, according to The Daily Swig.

Fidus, a UK penetration testing business, informed Virgin Media, a British telco, about the vulnerability over two years ago. Virgin Media then contacted Liberty Global, its parent company, about the problem. Fidus' R&D team says that the vendor requested a 12-month delay in disclosure, but after that, they were unable to contact Virgin Media or Liberty Global, and both sides failed to respond.

Virgin Media stated that it is now working on a technical fix and assured its consumers that the flaw may only affect a tiny portion of its customers who use virtual private networks (VPNs). Fidus explained in a blog post that researchers were able to perform a DNS rebinding attack that exposed a VPN user's IP address "by [the user] simply visiting a [malicious] webpage for a few seconds".

In DNS rebinding attacks, browsers are exploited and used as proxy machines to attack private networks.

Cybercriminals can identify their victim' genuine IP addresses even if they are using VPNs

Researchers were able to reveal the true IP addresses of those whose devices were concealed by the most popular VPNs. However, several VPN services blocked local IP addresses by default to stop the attack. The vulnerability of people's computers, according to cyber security experts, was created by allowing LAN traffic, which blocks attacks by accident. However, when the LAN traffic is subsequently switched off, many individuals leave themselves open to a cyberattack.

Fidus claims that the seriousness of the privacy issues is amplified by the stealthiness of the flaw. The concept can be implemented on any famous website (most likely one that has been compromised) and be used to expose those who are browsing over a VPN.

Fidus believes that the vulnerability they discovered in the ARRIS TG2492 can be used against other ARRIS devices. Fidus told us that Liberty Global has placed ARRIS's DOCSIS routers in different ISPs owned by the company across the globe. The Fidus brand is owned by CommScope, the manufacturer of the network infrastructure, although Liberty Global owns the firmware, according to Fidus.