Novel attack against virtually all VPN apps neuters their entire purpose
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
Pulling this off requires high privileges in the network, so if this is done by intruder you're probably having a Really Bad Day anyway, but might be good to know if you're connecting to untrusted networks (public wifi etc). For now, if you need to be sure, either tether to Android - since the Android stack doesn't implement DHCP option 121 or run VPN in VM that isn't bridged.