VPN provider proves OpenVPN private keys at risk from Heartbleed bug
The fallout from the OpenSSL Heartbleed bug continues. Recently, personal virtual private network provider Mullvad said it was able to extract private encryption keys for OpenVPN from a test server.
The group behind OpenVPN had previously warned that OpenVPN could be vulnerable to attack since the open source VPN software uses OpenSSL by default. But Sweden-based Mullvad's tests appear to be the first proof-of-concept proving that extracting private keys is actually possible, as first reported by ArsTechnica.
"We have successfully extracted private key material multiple times from an OpenVPN server by exploiting the Heartbleed Bug," Mullvad co-founder Fredrik Strömberg wrote on Hacker News. "The material we found was sufficient for us to recreate the private key and impersonate the server."
Vulnerability to Heartbleed is particularly damaging for users since VPNs are meant as an extra step to make sure your online communications are kept private. If attackers are able to extract the private keys and then impersonate the VPN server, it puts users' encrypted communications at risk.
As with all Heartbleed vulnerabilities, however, extracting information from a VPN server would take time and effort. Mullvad didn't say exactly how much data it had to gather to recreate the private keys in its tests, but it did have to gather a lot.
"Trying to get key material is like trying to win the lottery, we only need one response that contains key material," Strömberg told PCWorld. "Just like the other Heartbleed exploits we did a lot of requests, to get a lot of data. I left my program running overnight, and in the morning I had what I wanted."
But with Heartbleed leaking random data 64KB at a time wouldn't so many hits on a server set off alarm bells for most IT admins? Not necessarily. "Admins won't notice it without the help of more advanced tools," Strömberg said. "We're not generating a lot of traffic with the attack, and even on a low traffic VPN server you could get the key if you have patience."
Regardless of whether it's detectable or not, Mullvad's tests show the threat to providers using OpenVPN is real.
"Our exploit is decently weaponized...we believe it may severely impact those who have not already upgraded," Strömberg said in his Hacker News post. "You should assume that other teams with more nefarious purposes have already created weaponized exploits for OpenVPN."
For anyone who relies on a personal VPN service using OpenVPN, Strömberg says it's wise to ask your provider if they have added a patch against Heartbleed into their desktop client.
If your provider uses client certificates, ask them for new ones. You should also change your username and password as a precaution once your provider's servers are patched against Heartbleed. You should also ask if they've revoked their old server certificates and issued new ones.
Finally, you'll need a certificate revocation list that your OpenVPN client can use. "It doesn't matter that they revoked the certificates," Strömberg said. "[Without a revocation list] your OpenVPN client won't know about it, and you are still vulnerable to a man-in-the-middle attack."