No, it works at any point and the local network needs to be compromised (untrusted), the host can be secure.
Comment on Novel attack against virtually all VPN apps neuters their entire purpose
MonkderDritte@feddit.de 9 months ago
If i get that right, that attack only works before the tunnel is initiated (i.e. traffic encrypted), if the hosts is compromoised, right?
DreamlandLividity@lemmy.world 9 months ago
MonkderDritte@feddit.de 9 months ago
Yikes
DreamlandLividity@lemmy.world 9 months ago
That being said, it apparently does not affect Mullvad on any platform other than iOS (Apple does not allow fixing it on iOS). I suspect other serious VPNs are also not vulnerable outside iOS.
seth@lemmy.world 9 months ago
Yes, and also is fine if you’re using a cell hotspot.
NeatNit@discuss.tchncs.de 9 months ago
Sounds to me like it totally works even after the tunnel has started.
Natanael@slrpnk.net 9 months ago
Yeah, it’s like a fake traffic cop basically, sending your (network) traffic down the wrong route
KairuByte@lemmy.dbzer0.com 9 months ago
More like a corrupt traffic cop. There are reasons you might want this kind of functionality, which is why it exists. Normally you can trust the cop (DHCP server) but in this case the cop has decided to send everyone from all streets down to the docks.
Natanael@slrpnk.net 9 months ago
These types of attacks would likely be implemented via DHCP spoofing / poisoning, unless you’re on a malicious network