A recently published paper revealed how ten of the fourteen most popular VPN services are vulnerable to IPv6-leak and all but one is vulnerable to DNS hijacking attack; however, VPN providers have come out in full defense of their services claiming that not only the paper is outdated, but the vulnerabilities have long been fixed and that the authors have not updated the paper with this information.
The researchers had noted in their paper that their research shows how critical the issues are and how many of the VPN providers leak all, or a critical part of the user traffic in mildly adversarial environments. Researchers noted that the reasons for the failure to protect user data are quite diverse – few being on the system configuration side and few on the VPN providers’ end.
AirVPN has created a thread on its forums explaining the issues as early as May this year – long before the paper was published. “AirVPN is not vulnerable to DNS hi-jacking because VPN DNS server and gateway IP addresses match”, the forum thread reads.
“The paper is outdated because their tests were performed on VPN servers with a /30 topology that we kept to maintain compatibility with Windows OpenVPN 2.0.9 and some older versions. After the draft paper preview they kindly provided us with months ago, we decided to speed up Windows OpenVPN 2.0.9 support drop, which made sense in 2010 but not now.”
“Current topology allows to have the same IP address for VPN DNS server and VPN gateway, solving the vulnerability at its roots, months before the publication of the paper. Unfortunately they could not manage to fix the paper, purely for problems of time we suppose, which remained outdated,” AirVPN notes.
TorGuard, which is another service that has been named in the report, but is said to not vulnerable, has created a blog post addressing the IPv6-leak issue.
“TorGuard software has always blocked most IPv6 leaks by default, and we have now added a new feature that specifically forces all IPv6 traffic into the VPN; thus blocking any potential leak at the source.”
Private Internet Access in a statement to TorrentFreak says that they feel the paper is not up to the mark. “While the article purported to be an unbiased and intricate look into the security offered by consumer VPN services, it was greatly flawed since the inputs or observations made by the researchers were inaccurate,” PIA said.
Fast speed. No buffering. Smooth Surfing, Enjoy your favorite movies, music and videos from anywhere in the world. Ivacy’s speedy VPN service is optimized to provide lag-free streaming with unlimited bandwidth and 99.99% server uptime. So, if you are looking for speed and security, Ivacy is the best VPN service for you.