A new security vulnerability has just been revealed that could affect NordVPN and other leading VPN providers, making it possible for sophisticated hackers to gradually piece together the target’s traffic. Fortunately, we have already eliminated the vulnerability from our system.The vulnerability was revealed in early August at the Black Hat conference in Las Vegas by security researcher Ahamed Nafeez. He created a tool called VORACLE that could potentially target any VPN that used the OpenVPN protocol. That option is and continues to be available to NordVPN users because the vulnerability has been sealed.
How the VORACLE hack worksThe VORACLE vulnerability is based on a number of hacks that were initially addressed and sealed in 2012 and 2013. It all starts with the OpenVPN protocol. By default, OpenVPN compresses data before encrypting it. By adding tiny bits of known data to the unknown data before it is encrypted, VORACLE can eventually discover the session key for that encrypted conversation. This would then give the hacker the ability to unlock the conversation and read it. However, initiating the attack isn’t exactly easy. The attacker needs to ensure a perfect storm of variables to be able to violate your encrypted tunnel:
- They need to be on the same network as you;
- You need to be using an HTTP connection;
- You need to be using a browser vulnerable to VORACLE (anything but Chrome);
- You need to visit a website that the hacker controls;
- You need to be using OpenVPN with compression engaged.