Major uproar in the news these past days: A study conducted by five security researchers from Queen Mary University of London (QMUL) and Sapienza University of Rome reveals that many internet anonymisation programs might be leaking user data. The study looked at 14 of the most popular VPN services, out of which 10 were found to leak all or a critical part of their users’ traffic from the IPv6 protocol, while 13 were defenseless when it came to DNS hijacking; moreover, no VPN proved to be immune to both threats.
Since CyberGhost wasn’t included in the study, we took it upon ourselves to replicate the tests. And the results were not at all surprising to us: CyberGhost VPN passed the DNS hijacking & the IPv6 leakage tests with flying colours on desktop operating systems, as you will see in this article.
But first some technical explanations.
What is DNS hijacking?
Domain Name Servers (DNS) are the Internet’s most important traffic control centers. You type an address into your browser -> which sends it to the Internet -> where it enters the DN-Server -> which converts it to a numeric code -> that in turn belongs to an existing website -> to which you will then be directed. If the target server does not exist, an error message is issued.
So far so good, right? Well unfortunately, this same technique can also be used to allow malicious or non-malicious redirects of such requests. The non-malicious redirects happen when a provider does not issue an error with dead addresses, but forwards to his own search service. The malicious kind of redirect happens when a valid address is replaced by a different one that leads to a fake landing page. Then you might think you are on your (say) bank’s website, but what you are really doing is trusting someone who is only simulating your bank’s webpage with some very sensitive data that you would surely want to keep to yourself. Like your PIN, for example.
What is IPv6 leakage?
Internet Protocol version 4 (IPv4) is bound to reach its limits soon, which is why version 6 (IPv6, in short) was created, primarily to overcome the issue of finite numbers of currently available Internet addresses. Unfortunately, since IPv6 isn’t globally available yet and most Internet users still get connected through IPv4, it seems that many VPN providers neglect the integration of IPv6 into their products, ignoring the fact that if an Internet connection is equipped with both IPv4 AND IPv6, personal data might leak unprotected on the IPv6 interface parallel to the protected IPv4 tunnel.
A few years back, there was little interest in IPv6 traffic because of its low distribution, but in modern Internet times it’s steadily increasing and, if not supported or blocked, makes it easy to sniff a user’s data such as the websites one is visiting and the comments they are leaving all over the web. Moreover, the entire browser history can be viewed when accessing an IPv4 website. However, financial transactions and similar sensitive activities are still safe – as long as one sticks to HTTPS pages.
According to the study, nearly all 14 VPN providers tested are open to DNS hijacking and thus may leak user data. „Despite the criticality of the DNS resolution process, we found that most VPN services do not take significant steps to secure it,” the authors mentioned in their paper A Glance Through the Looking Glass VPN: IPv6 and DNS hijacking Leakage in Commercial VPN clients (PDF).
As for IPv6 leakage, the results were not as dramatic, but still quite daunting: “Whereas our work initially started as a general exploration, we soon discovered that a serious vulnerability, IPv6 traffic leakage, is pervasive across nearly all VPN services. In many cases, we measured the entirety of a client’s IPv6 traffic being leaked over the native interface. A further security screening revealed two DNS hijacking attacks that allow us to gain access to all of a victim’s traffic.”
In the end, only 4 out of 14 were found able to protect their users against this kind of data loss.
The team looked at the behavior of these 14 software clients on a Wi-Fi access point. They generated an IPv6 through IPv4 tunnel (Campus Dual Stack OpenWRT) and tested two DNS hijacking attacks that granted access to all traffic on the subject monitored. All experiments were carried out under current Ubuntu, Windows, OSX, iOS 7 and Android platforms, the most common fields of operation for VPNs. The research paper was presented on June 30, 2015 at the Privacy Enhancing Technologies Symposium in Philadelphia.
What about CyberGhost VPN, is it affected by DNS hijacking and/or IPv6 leakage?
No, CyberGhost is not affected. The Windows & Mac clients reliably prevent both IPv6 leakage and DNS hijacking, the latter being activated by default – but of course it never hurts to check both adjustments in the Settings tab.
If you want to do the test yourself and check whether you are adequately protected when using CyberGhost, please proceed as follows:
- Open CyberGhost
- Connect to a server
- Visit the following test sites:
- IPv6 Leaktest: http://ipv6leak.com/(the results are clear, you are either protected (green) or not (red))
- DNS Leaktest: https://www.dnsleaktest.com/ (If one of the servers listed does not belong to CyberGhost, then the test failed. In the image below, you can see that both of CG’s DNS are listed as protected).
If you get negative results, please open the Settings tab (note that this applies to the Windows client), click on Show advanced settings and then the Connection tab. There are two boxes you need to look at, the „Force using CyberGhost DNS-Servers” and the „Disable IPV6” ones. If one of these is not checked, please activate it and then repeat the test.
A few more words on what we do to protect your online privacy & anonymity
- We don’t have any association between your public IP and your real IP (while other VPN providers have a 1-to-1 translation of IP address, we offer many-to-1 NAT, which means that one IP is used by 40 users, not just 1!). As you might imagine, this significantly improves anonymity.
- Additionally, we offer you the option to enable the Anti Fingerprinting system and the Content Blocker from the Privacy Control tab. Every browser delivers a lot of info to every site you visit: User Agent (browser version, type, language), Operating system, If cookies are enabled or not, System fonts, Plugin details. This combination of parameters creates a so-called browser fingerprint, which makes you easily identifiable while surfing the web. (You can check this with eff.org). But thanks to our Anti Fingerprinting system that filters all this info, your browser parameters no longer make you trackable online.
- Besides these features that are tweakable in the Settings Tab, we also have several ones that work in the background to ensure the most secure connection. One of these features is the Advanced Anonymization Test, which makes sure that all traffic going out from your PC is routed through the encrypted CyberGhost VPN network; another one is the SecureConnect feature that makes sure to keep your connection secure if your Internet disconnects.