A new security vulnerability has just been revealed that could affect NordVPN and other leading VPN providers, making it possible for sophisticated hackers to gradually piece together the target’s traffic. Fortunately, we have already eliminated the vulnerability from our system.
The vulnerability was revealed in early August at the Black Hat conference in Las Vegas by security researcher Ahamed Nafeez. He created a tool called VORACLE that could potentially target any VPN that used the OpenVPN protocol. OpenVPN remains available to NordVPN users because the vulnerability has been sealed.
How the VORACLE hack works
The VORACLE vulnerability is based on a number of hacks that were initially addressed and sealed in 2012 and 2013. It all starts with the OpenVPN protocol.
By default, OpenVPN compresses data before encrypting it. By adding tiny bits of known data to the unknown data before it is encrypted, VORACLE can eventually discover the session key for that encrypted conversation. This would then give the hacker the ability to unlock the conversation and read it.
However, initiating the attack isn’t exactly easy. The attacker needs to ensure a perfect storm of variables to be able to violate your encrypted tunnel:
- They need to be on the same network as you;
- You need to be using an HTTP connection;
- You need to be using a browser vulnerable to VORACLE (anything but Chrome);
- You need to visit a website that the hacker controls;
- You need to be using OpenVPN with compression engaged.
You should always be wary when browsing an HTTP website, as in the second condition above, but the fourth condition should definitely jump out at you. If you’re visiting a site owned or compromised by the attacker, they’ll already have a wealth of options at their disposal for attacking you (see how in our post all about hacking methods). Rather than attacking you directly through that site, they’d need a specific reason to break into your encrypted tunnel, which reduces the number of cases in which this tool will be the hacker’s weapon of choice.
How we fixed it
The core of the fix was as simple as they come – disable compression for OpenVPN in NordVPN. That’s why our tech team was able to patch up the vulnerability almost immediately. After that, we continued to test our service to ensure that the problem was fixed and that the fix didn’t have any negative effects. We were even pleased to find that the change had no negative effect on our service quality.
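A configuration check for the fix described above, as an added example that is not NordVPN's own code: it scans OpenVPN configuration text for the `comp-lzo` and `compress` directives, including ones wrapped in `push "..."`, and reports whether each leaves compression on. The function names and both sample configurations are constructed for illustration.

```python
# Added example: audit OpenVPN config text for directives that enable compression.
# SAMPLE_WEAK and SAMPLE_FIXED are constructed inputs, not real provider configs.

# Arguments to `compress` that keep the packet framing but compress nothing.
NO_OP_ALGORITHMS = {"stub", "stub-v2"}

def audit_compression(config_text):
    """Return (line_number, directive, verdict) for every compression directive."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Drop '#' and ';' comments; enough for directives without quoted '#'/';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        tokens = line.split()
        if tokens and tokens[0] == "push":
            # A server can push the directive to clients: push "compress lz4"
            tokens = " ".join(tokens[1:]).strip("\"'").split()
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        if name == "comp-lzo":
            # Bare `comp-lzo` is adaptive compression; only `no` switches it off.
            enabled = not (args and args[0] == "no")
        elif name == "compress":
            # Bare `compress` is framing only; unknown arguments count as enabled.
            enabled = bool(args) and args[0] not in NO_OP_ALGORITHMS
        else:
            continue
        findings.append((number, line, "ENABLED" if enabled else "disabled"))
    return findings

def compression_is_off(config_text):
    """True when no directive in this text turns compression on."""
    return all(v != "ENABLED" for _, _, v in audit_compression(config_text))

SAMPLE_WEAK = """\
client
dev tun
remote vpn.example.com 1194
comp-lzo            # legacy directive: adaptive compression by default
;compress lz4-v2
"""

SAMPLE_FIXED = """\
client
dev tun
remote vpn.example.com 1194
comp-lzo no
"""

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(label, audit_compression(text), compression_is_off(text))
```

Run the check against both the client and the server configuration, since a pushed directive on the server side can turn compression back on for a client whose own file looks clean.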
STATUS: NordVPN is SAFE from the VORACLE attack