Disable F-secure Freedome VPN remotely (OS X)

08 Sep 2016 . category: Hacking .
#hacking #vulnerability #anonymity

Short description

It is possible to disable Freedome remotly (old versions) by attacker who want to reveal the real IP-address of the Freedome user. The bug is reported to F-secure and they have fixed the issue already couple of months ago. Thanks for quick reactions.

Technical description

Freedome is based on OpenVPN and it uses “–management-client” in openvpn which means that the management of the openvpn is done from other process and in this case from Freedome GUI. Client is listening at TCP-socket and socket was binded to localhost and to random port. Attacker can make web-page which will rather fast go thourgh the port range. When the connection is made to against Freedome GUI TCP-socket it will disconnect the real connection between OpenVPN and Freedome GUI. This will disconnect VPN connection and laptop will fall back to “normal” Internet connection and it will expose the user real IP-address.

PoC was sent to F-secure and they fixed the issue with changing the TCP-socket to Unix Domain Socket. Thanks for F-secure for quick reaction.

---