A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients

Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as of yet, the claims made by these providers have not received a sufficiently detailed scrutiny. This paper thus investigates the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured.We conclude discussing a range of best practices and countermeasures that can address these vulnerabilitie

A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN Clients

Abstract Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as of yet, the claims made by these providers have not received a sufficiently detailed scrutiny. This paper thus investigates the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured.We conclude discussing a range of best practices and countermeasures that can address these vulnerabilitie

WiFi Probe Requests - CRAWDAD dataset sapienza/probe-requests (v. 2013-09-10)

Mobile devices try to automatically switch to WiFi connectivity whenever possible. To facilitate this automatic process, they store the list of the names (SSID) of the networks the user typically connects to and, periodically, these SSIDs are sent in broadcast in the form of Probe Request to search for available networks. The following questions then rise naturally: "What do your smartphone probes say about you?"; "Is it possible to infer meaningful relationships among a group of people just using their smartphones' probes?". To answer all these questions, we organized a campaign of probe collection in Rome (Italy): We targeted a university campus as well as city-wide, national and international events. Our campaign lasted three months, and we managed to collect, using commodity hardware only, ~11 million probes sent by ~160 thousand different devices. The release contains anonymized traces in .pcap format

SARS-CoV-2 multi-variant rapid detector based on graphene transistor functionalized with an engineered dimeric ACE2 receptor

Reliable point-of-care (POC) rapid tests are crucial to detect infection and contain the spread of Severe Acute Respiratory Syndrome Coronavirus 2 (SARS-CoV-2). The emergence of several variants of concern (VOC) can reduce binding affinity to diagnostic antibodies, limiting the efficacy of the currently adopted tests, while showing unaltered or increased affinity for the host receptor, angiotensin converting enzyme 2 (ACE2). We present a graphene field-effect transistor (gFET) biosensor design, which exploits the Spike-ACE2 interaction, the crucial step for SARS-CoV-2 infection. Extensive computational analyses show that a chimeric ACE2-Fragment crystallizable (ACE2-Fc) construct mimics the native receptor dimeric conformation. ACE2-Fc functionalized gFET allows in vitro detection of the trimeric Spike protein, outperforming functionalization with a diagnostic antibody or with the soluble ACE2 portion, resulting in a sensitivity of 20 pg/mL. Our miniaturized POC biosensor successfully detects B.1.610 (pre-VOC), Alpha, Beta, Gamma, Delta, Omicron (i.e., BA.1, BA.2, BA.4, BA.5, BA.2.75 and BQ.1) variants in isolated viruses and patient's clinical nasopharyngeal swabs. The biosensor reached a Limit Of Detection (LOD) of 65 cps/mL in swab specimens of Omicron BA.5. Our approach paves the way for a new and reusable class of highly sensitive, rapid and variant-robust SARS-CoV-2 detection systems