At a Black Hat Briefing in August 2018, the researcher Ahamed Nafeez revealed a new vulnerability in the OpenVPN protocol. The vulnerability, named Voracle, affects all TLS connections that use compression.
OpenVPN is used by a broad range of leading consumer VPN services. Nafeez was able to exploit an OpenVPN connection he set up himself, browsing a site using Firefox, but he could not replicate the effect using Google Chrome.
ExpressVPN mainly uses the OpenVPN and IPsec protocols. In our case, Voracle impacted connections set up through manual configuration or connections established through our apps using TCP OpenVPN. UDP OpenVPN connections though the apps were not affected.
How Voracle works
Compression theoretically increases storage and bandwidth capacity by replacing frequent patterns with references, similar to how replacing words with emojis allows more information to fit into a tweet. But in day-to-day use, compression when using a VPN offers little benefit.
By injecting data into an unencrypted stream, an attacker might be able to learn whether certain text is included in the unencrypted and compressed data stream by observing changes in the length of the encrypted stream.
To reliably learn about the contents of the connection, the attacker would need for the user to repeatedly request the same content, allowing for slight variations of the attacker’s test data to be injected into the user’s stream.
This data could be injected via cross-domain requests or cookies, and the attacker could then observe traffic by controlling a network switch or router. If the data is already encrypted before it enters the VPN tunnel, this vulnerability cannot be exploited. An attacker would not under any circumstances be able to use this against HTTPS or PGP/OTR connections.
Solution: Disable compression
To mitigate against Voracle, ExpressVPN has disabled compression on all connections made by apps. Users do not need to update their apps.
The manual configuration files require more testing before we can safely ship a solution. Altering them at this point could mean breaking connections for any manually configured user, which could cause unnecessary disruption of service given the relatively narrow conditions under which the vulnerability can be exploited.
ExpressVPN considers the exploit serious but limited in application, as an attacker would need not only to be able to observe the encrypted traffic but also be able to inject data into the unencrypted data stream. Still, when using any site or service where sensitive data is involved, internet users should use HTTPS for end-to-end encryption.