This is an automated archive.
The original was posted on /r/ivpn by /u/viktorivpn on 2023-08-10 15:58:23+00:00.
Regarding the TunnelCrack paper published recently: IVPN apps were not tested by the researchers, and unlike other providers, we have not received a vulnerability disclosure in advance. We are investigating the findings and will issue a detailed response after our evaluation.
You can find the research paper and summary of issues here:
Based on a first review we can conclude "LocalNet Attack" can be mitigated by disabling Local Network Access in VPN apps.
If you are concerned about that attack vector, we suggest unchecking 'Allow LAN traffic' in the Firewall settings in the IVPN apps (except iOS) when connecting to networks you do not trust. This feature is disabled by default - no action is required unless you enabled it.
We will update this thread with a link to the detailed response.