What is VORACLE & Are PureVPN Users Protected?
A recently discovered vulnerability called VORACLE has been making rounds on the internet. The vulnerability can potentially allow a hacker or intruder to exploit a loophole in OpenVPN protocol, used by the majority of VPN providers.
The credit for discovering this exploit goes to a security researcher named Ahamed Nafeez at the Black Hat and DEF CON security conferences in Las Vegas. The conferences were held last week
VORACLE has been deemed potentially dangerous since it can allow an attacker to read the data sent via the OpenVPN protocol. A hacker using this exploit might be able to recover data sent via HTTP or non-SSL services.
The good news is that the attack only works under specific conditions.
Is PureVPN Safe from this Threat?
Yes. Our servers and infrastructure have already been patched and our users don’t require to do anything at their end. This goes true for both our apps and manual users.
Furthermore, this vulnerability affected all VPN providers offering OpenVPN equally, with the majority of providers opting for a patch on server side, and requiring users to update their apps, which to a certain extent, disrupted the connectivity of users.
Being a customer-centric and privacy-focused organization, our engineers figured out a way that ensured the reduction of downtime to a mere disconnection, complete protection of our infrastructure, and maximum convenience of our users.
How does the VORACLE exploit work?
As stated above, VORACLE works under specific situations:
- You connect via OpenVPN with compression enabled.
- The attacker needs to be on the same network/WiFi as you are.
- You use an HTTP connection (insecure website).
- You use a browser that’s vulnerable to VORACLE - every browser except Chrome.
- You visit a website that a hacker has total control over