Security Expert Comments On VPN Bug Lurks In iOS, Android, Linux Distros, MacOS, FreeBSD And OpenBSD

As reported by The Register, researchers from the University of New Mexico have found a bug in the way Unix-flavored systems handle TCP connections, which could put VPN users at risk of having their encrypted traffic hijacked. CVE-2019-14899 is a security weakness that they report to be present in “most” Linux distros, along with Android, iOS, and macOS. If exploited, encrypted VPN traffic can be potentially hijacked and disrupted by miscreants on the network. Once the victim connected to their VPN, the spy would be able to tamper with the TCP stream to do things like inject packets into the stream.

Experts Comments

December 06, 2019
Jake Moore
Cybersecurity Specialist
ESET
VPNs should ideally be seen and used as another tool in the cyber security toolkit, rather than something to use constantly. There have been a few stories mentioning breaches to VPN services this year, but I think they still have a role to play in data privacy. The majority of people will not be directly targeted in this type of attack, however they may be part of an untargeted breach of data if caught up in something like a simple man-in-the-middle attack in a public Wi-Fi zone. Where 4G is .....Read More
VPNs should ideally be seen and used as another tool in the cyber security toolkit, rather than something to use constantly. There have been a few stories mentioning breaches to VPN services this year, but I think they still have a role to play in data privacy. The majority of people will not be directly targeted in this type of attack, however they may be part of an untargeted breach of data if caught up in something like a simple man-in-the-middle attack in a public Wi-Fi zone. Where 4G is offered, this is far more secure than any public Wi-Fi for privacy and security reasons, although I do appreciate that some people will need to jump on public Wi-Fi in some circumstances. Naturally, C-Suite level personnel or similar should increase their security where necessary and use a variety of different protection methods.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.