Port Shadow VPN attacks: who’s at risk and how to stay safe

Yet another reminder to use a reputable VPN app

A team of researchers is warning of a vulnerability affecting VPN platforms which could make users “less secure in specific situations.”

What’s been dubbed “Port Shadow” can allow attackers to act as a man-in-the-middle between you and the VPN server you’re connected to. This potentially enables them to intercept and decrypt your VPN traffic, redirect your DNS request, and deanonymize your connection.

Before you panic, you should know that the best VPN services aren’t vulnerable, as they are built precisely to prevent third parties from exploiting this flaw.

In fact, the new Port Shadow study builds on 2021 research, meaning VPN developers were largely already aware of the flaw. What’s certain, though, is that the new paper once again highlights the importance of using reputable VPN software.

The dangers of Port Shadow

As the researchers explain in their paper, widely used VPN protocols (OpenVPN, WireGuard, OpenConnect) can be vulnerable to Port Shadow when they lack the right software infrastructure to prevent this flaw from being exploited. In effect, this makes people using a poorly built VPN service less secure, not more.

“Port Shadow attacks pose significant risks to user privacy,” Karolis Kaciulis, Leading System Engineer at Surfshark, told me. “The primary threat is that malicious actors can intercept a user’s DNS requests and inject harmful DNS records in response. This manipulation allows attackers to redirect user traffic and could lead to further attacks.”

This is because the Port Shadow flaw enables threat actors to target other users connected to the same VPN servers as they share a common port to establish the connection.

As when browsing on public Wi-Fi without the right protections in place, a lack of randomized source port selection can ultimately enable third parties to snoop on your unencrypted data, scan your ports, or even hijack your connection.

DYK most #VPN services can actually make you less secure? Today @PET_Symposium, Benjamin Mixon-Baca will present research done in collaboration with the Citizen Lab about how VPNs can enable an attacker to act as an in-path router between you and the VPN server. The study… pic.twitter.com/qB89VsfqHQ (July 16, 2024)

Despite how dangerous it all sounds, however, some VPN developers argue that exploiting this vulnerability isn’t as easy in practice as it looks on paper.

“The attack vector is not very practical given it requires the attacker to know both the public IP address of the victim and the specific VPN server they are connected to,” said Samuele Kaplun, Ecosystem & VPN Lead at Proton VPN. “Given these requirements, we would be surprised if it was successfully exploited in the wild.”

Lauren Hendry Parsons, ExpressVPN’s spokesperson, shares a similar view. “Multiple preconditions would have to be met for anyone to be vulnerable to it,” she said. “The way we assess it is that it’s essentially a lab-only attack: in theory, you could extend it to any basic VPN provider, but in reality, it’s difficult to pull off, and it’s not really clear what it gains you.”

How to protect against Port Shadow attacks

As mentioned earlier, the most reputable VPN providers have already built their software to successfully neutralize Port Shadow attacks.

As the research paper reads: “We found that some VPN services operating over OpenVPN or WireGuard protocols are not susceptible to CVE-2021-3773, including NordVPN, ExpressVPN, and Surfshark.” Alongside these services, Proton also confirmed to TechRadar that its VPN is not affected.

So, what are these VPN providers doing to protect you from Port Shadow attacks? And, most importantly, what can you do to boost your VPN security even more?

Using a reputable VPN

The most secure VPN providers are built to use different entry and exit IP addresses. As Kaplun from Proton VPN explains, this is meant to prevent connection tracking from being created among IPs, which is essential for carrying out the attack.

Commenting on this point, Parsons from Express said: “This is an industry best practice - it enhances user privacy by preventing websites or ISPs from tying activity to specific individuals.”
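A client-side way to check the entry/exit separation described above, as an added example that is not from the article, the paper, or any provider: it reads the server endpoint out of a WireGuard client config and compares it with the public IP that websites see while the tunnel is up. The sample config, the addresses (documentation ranges), and the function names are constructed, and the exit IP is assumed to have been looked up separately while connected.

```python
import ipaddress

# Constructed sample WireGuard client config; addresses are documentation ranges.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <redacted>
Address = 10.2.0.2/32

[Peer]
PublicKey = <redacted>
AllowedIPs = 0.0.0.0/0
Endpoint = 198.51.100.7:51820   # entry IP the client dials
"""

def peer_endpoints(conf_text):
    """Return (host, port) for every Endpoint line found in a [Peer] section."""
    endpoints, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if section == "peer" and sep and key.strip().lower() == "endpoint":
            host, _, port = value.strip().rpartition(":")
            endpoints.append((host.strip("[]"), int(port)))  # [v6]:port -> v6
    return endpoints

def entry_exit_report(conf_text, observed_exit_ip):
    """Label each endpoint by whether its entry IP equals the observed exit IP."""
    exit_ip = ipaddress.ip_address(observed_exit_ip)
    report = []
    for host, port in peer_endpoints(conf_text):
        try:
            entry_ip = ipaddress.ip_address(host)
        except ValueError:
            # Endpoint is a DNS name; resolve it yourself before comparing.
            report.append((host, port, "unresolved-hostname"))
            continue
        same = entry_ip == exit_ip
        report.append((host, port, "shared-entry-exit" if same else "distinct-entry-exit"))
    return report

if __name__ == "__main__":
    # 203.0.113.9 is a constructed exit IP, as an IP-echo page would report it.
    for row in entry_exit_report(SAMPLE_CONF, "203.0.113.9"):
        print(row)
```

A "shared-entry-exit" result only means the server uses one address for both roles; it says nothing about whether the provider applies other protections.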

A virtual private network (VPN) is security software that encrypts your internet connections to boost your online privacy by rerouting the data leaving your device into a secure encrypted tunnel. As you need to connect to one of its servers to use the service, a VPN also spoofs your real IP address, allowing you to access otherwise geo-restricted content.

Look out for a reliable kill switch

A VPN kill switch is an additional layer of security to look out for, as it’s designed to protect your data from accidental exposure and leaks. If your VPN connection drops, this advanced security feature will block your internet access until the connection to the VPN server is restored.

The good news is that all the top-rated VPNs offer this tool, with our favorite NordVPN boasting two kill switches for doubling down on its protection. So, make sure to keep the kill switch option active at all times.

Get a Dedicated IP for extra safety

Considering that a shared IP is a key factor in being vulnerable to Port Shadow attacks, you could cut off the problem at the source by getting a dedicated IP. As the name suggests, this is an address that only you will ever use - a security option that many providers offer, generally for an extra fee.

It is worth reminding you that, while it can further mitigate the risk, a dedicated IP isn’t strictly needed if you’re using a trustworthy VPN. As NordVPN commented when I asked, “Our customers are safe regardless.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com