Leaky Blinders: Information Leakage in Mobile VPNs

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13285)

Abstract

In the mobile domain, VPN applications promise an additional layer of protection for wireless connections. They offer users the choice to improve the security of their connections; however, we have only very limited knowledge about the technical implications of the shift from desktop to mobile applications. In this work, we conduct a quantitative analysis of selected Android VPNs and demonstrate how all of them leak packets during an active tunnel. We conduct these measurements for different phones and in varying use case scenarios, including a comparison of Wi-Fi and 4G connections, to get a better understanding of how the mobile setting influences the security of a VPN. While we observe leaks in all combinations, some settings in particular cause the transmission of thousands of unprotected packets. We further conduct a series of case studies to provide some first insights into the causes of the observed leakage.

Corresponding author

Correspondence to Thijs Heijligenberg.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Heijligenberg, T., Lkhaouni, O., Kohls, K. (2022). Leaky Blinders: Information Leakage in Mobile VPNs. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_26

  • DOI: https://doi.org/10.1007/978-3-031-16815-4_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16814-7

  • Online ISBN: 978-3-031-16815-4

  • eBook Packages: Computer Science (R0)
