Our research for Black Hat demonstrates that the Secure Remote Access or so-called ‘VPN’ technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don’t provide the full level of protection typically expected of them. This isn’t because of bugs in the technology, but rather due to a ubiquitous scenario in which the remote worker is connected to Wi-Fi that is is untrusted, insecure or compromised. We demonstrate that in this common use-case ‘VPN’ technologies do not act as we expect them to and therefore expose several opportunities to an attack with control over the Wi-Fi access point.
To get access to the most recent results from our studies, updates, additional demos and other resources on our research, visit: https://orangecyberdefense.com/global/insecure-remote-access/. Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.
Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4
Why Secure Remote Access Is Like The Emperors New Clothes