Is Private Internet Access Impacted by TunnelVision?

Posted on May 8, 2024 by Jack Buckley

We are aware of a recent report published by security researchers in Seattle, Washington. The technique, which the report’s authors named “TunnelVision” (tracked as CVE-2024-3661), relies on a malicious or compromised DHCP server on the local network, and it has its full effect only when the VPN client has no kill switch enforcing that traffic leaves solely through the tunnel. The result is traffic being rerouted and intercepted before it ever reaches the user’s encrypted VPN tunnel.

While the report itself seems to represent all VPN providers as equally impacted, the greatest user impact occurs when connecting to untrusted Wi-Fi without the protection of a kill switch. In practice, this specific set of preconditions limits both the scope and the severity of the issue, particularly for PIA users.

Rest easy. PIA’s kill switch is specifically designed to block all traffic that does not travel through the VPN tunnel. On trusted Wi-Fi networks, and with the app’s default security settings enabled, any risk to PIA users from this exploit is extremely limited. On untrusted networks, PIA’s kill switch protects you on all desktop and mobile platforms except iOS (more on this below).

To be clear, on the platforms where PIA offers a kill switch, this exploit is only possible if you deliberately turn the kill switch off and then connect to a compromised network (iOS and our smart TV apps, which lack a kill switch, are discussed below). So if you ever turn it off, for any reason, turn it back on as soon as possible to make sure you’re covered.

What Is TunnelVision? 

When your VPN is active, the client installs routes that send all of your traffic through the encrypted tunnel by default, so no application traffic should reach the network unencrypted.

TunnelVision takes advantage of DHCP routing behaviour that “works as intended” in the operating system’s network stack. A DHCP server may hand out classless static routes using option 121, and the operating system always prefers the most specific matching route. An attacker controlling the DHCP server can therefore push routes that are more specific than the ones the VPN installed, pulling the matching traffic out of the tunnel and onto the local network, without ever touching the VPN’s own routes.

This means that, without a kill switch engaged, traffic a user would expect to be protected by the VPN can instead leave through the physical network interface unencrypted, without their knowledge.

What Does This Mean for You?  

For the majority of users, ensuring PIA’s kill switch tool is engaged is sufficient to neutralize this exploit. Beyond continuing to make the excellent choice of PIA as your secure VPN partner, you should still use standard cyber hygiene best practices around software updates and passwords, and avoid using untrusted public networks without protection. 

How Does PIA’s Kill Switch Work? 

PIA uses two forms of kill switch: standard and advanced.

Our standard kill switch is enabled by default on all devices (barring our smart TV apps, which do not include kill switch functionality). Once the VPN is engaged, the kill switch automatically blocks any traffic that does not travel through the VPN tunnel, even during unexpected disconnects or server changes. This ensures that all traffic stays within the VPN-encrypted tunnel.

In the case of TunnelVision, the kill switch blocks any traffic that the routes pushed via DHCP option 121 would otherwise send around the VPN: the routing table may point that traffic at the physical interface, but the kill switch’s firewall rules refuse to let it leave.
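As an added worked example (this is not PIA’s code and not code from the TunnelVision report), the Python below decodes an RFC 3442 option 121 payload as described in “What Is TunnelVision?”, resolves destinations against a constructed routing table the way the operating system does (the longest matching prefix wins), and then applies a kill-switch rule of the kind described in this section: traffic may leave only through the VPN interface, apart from the encrypted traffic to the VPN server itself. The interface names (`eth0`, `tun0`), all addresses and the attacker payload are constructed for illustration and are not taken from the original post.

```python
"""Added example (not PIA's code): decode a DHCP option 121 payload, show how
the routes it carries beat a VPN's routes under longest-prefix matching, and
apply a kill-switch policy that permits only traffic leaving via the VPN
interface. All addresses, interface names and payload bytes are constructed."""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    iface: str


def parse_option_121(payload: bytes, iface: str = "eth0") -> List[Route]:
    """Decode RFC 3442 classless static routes from a DHCP option 121 value.

    Each entry is: one byte prefix length, ceil(prefix/8) significant
    destination octets, then four router octets. Routes learned from DHCP
    are installed on the physical interface that performed the exchange.
    """
    routes: List[Route] = []
    i = 0
    while i < len(payload):
        prefix_len = payload[i]
        i += 1
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len}")
        n_dest = (prefix_len + 7) // 8
        if i + n_dest + 4 > len(payload):
            raise ValueError("truncated option 121 payload")
        dest = payload[i:i + n_dest] + b"\x00" * (4 - n_dest)  # pad omitted octets
        i += n_dest
        router = payload[i:i + 4]
        i += 4
        network = ipaddress.IPv4Network((str(ipaddress.IPv4Address(dest)), prefix_len))
        routes.append(Route(network, str(ipaddress.IPv4Address(router)), iface))
    return routes


def build_vpn_table() -> List[Route]:
    """Routing table as a typical VPN client leaves it (constructed values).

    The two /1 routes cover the whole Internet via tun0 without replacing the
    DHCP-supplied default route; the /32 host route keeps the encrypted
    traffic to the VPN server itself on the physical interface.
    """
    return [
        Route(ipaddress.IPv4Network("192.168.1.0/24"), "0.0.0.0", "eth0"),
        Route(ipaddress.IPv4Network("0.0.0.0/0"), "192.168.1.1", "eth0"),
        Route(ipaddress.IPv4Network("203.0.113.10/32"), "192.168.1.1", "eth0"),
        Route(ipaddress.IPv4Network("0.0.0.0/1"), "10.8.0.1", "tun0"),
        Route(ipaddress.IPv4Network("128.0.0.0/1"), "10.8.0.1", "tun0"),
    ]


def select_route(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen) if matches else None


def egress_iface(table: List[Route], dst: str) -> Optional[str]:
    """Interface a packet to dst would leave through under this table."""
    route = select_route(table, dst)
    return route.iface if route else None


def kill_switch_verdict(table: List[Route], dst: str,
                        vpn_iface: str = "tun0",
                        vpn_server: str = "203.0.113.10") -> str:
    """Kill-switch policy: allow only traffic that egresses via the VPN
    interface, plus the encrypted traffic to the VPN server; drop the rest."""
    if dst == vpn_server or egress_iface(table, dst) == vpn_iface:
        return "allow"
    return "drop"


# Constructed attacker payload: 8.8.8.0/24 and 64.0.0.0/2 via the LAN gateway.
# Both are more specific than the VPN's /1 routes, so they win the lookup.
ATTACKER_OPTION_121 = bytes([24, 8, 8, 8, 192, 168, 1, 1,
                             2, 0x40, 192, 168, 1, 1])

if __name__ == "__main__":
    clean = build_vpn_table()
    poisoned = clean + parse_option_121(ATTACKER_OPTION_121)
    for dst in ("8.8.8.8", "100.64.1.1", "1.1.1.1"):
        print(dst, "clean:", egress_iface(clean, dst),
              "poisoned:", egress_iface(poisoned, dst),
              "kill switch:", kill_switch_verdict(poisoned, dst))
```

Run stand-alone, the script shows 8.8.8.8 and 100.64.1.1 moving from `tun0` to `eth0` once the pushed routes are installed, while 1.1.1.1 (outside both pushed prefixes) stays in the tunnel; the kill-switch verdict drops exactly the traffic that the poisoned table diverted. The point of the model is that the kill switch does not need to know about option 121 at all: it only has to refuse anything whose egress interface is not the tunnel.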

PIA’s advanced kill switch operates similarly, but with one key difference: it keeps blocking non-VPN traffic even when the VPN is disconnected or turned off, for maximum protection.

Anything Else You Need to Know? 

PIA does not currently have kill switch functionality as an option on our Apple TV or Android TV applications. The reason for this is twofold: first, there is little incentive for an attacker to redirect traffic from user streaming services. Second, smart TV apps are almost exclusively used when at home on trusted Wi-Fi networks. 

We want to highlight that iOS can be impacted, but this is unfortunately business as usual for iOS, as this functionality is broadly dictated by Apple. Until Apple addresses this ongoing issue, connecting over your 4G or 5G cellular network rather than an untrusted Wi-Fi network should be your default secure connection choice on iOS.

As always, the PIA team will continue to put your security and digital privacy first, keeping you fully up to date in line with our commitment to transparency and visibility at all times. If your kill switch function is currently in the ‘off’ position, we strongly recommend you turn it back on.
