[TunnelVision attack] Explanations and impact on Qubes OS

A new attack was published, named TunnelVision, explaining how to snoop all the unencrypted VPN traffic through a local system.

Qubes OS is immune as long as you do not establish a VPN in the qube connected to the real world network (by default it’s either sys-net or sys-usb).

In summary, the attack makes the local DHCP server auto-configuring the workstations' network send a gateway address that is similar to the one used by the VPN but with a higher priority, so the operating system will send its VPN traffic to that address instead of the VPN server.

Off-topic: Android seems unaffected.
9 Likes
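A defensive check for the condition summarized in the post above, as an added example that is not part of the original post: it scans IPv4 `ip route` output for routes through a gateway on a non-VPN interface that take priority over the VPN's own routes. "Higher priority" is modelled here as a more specific prefix, which is an assumption; the interface names, addresses and sample routing table are constructed for illustration.

```python
import ipaddress

# Constructed `ip route` output (sample data, not from the original post).
# tun0, eth0 and every address below are assumptions for illustration.
SAMPLE_ROUTES = """\
default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 192.168.1.254 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 192.168.1.254 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev eth0 proto static
"""

def field(tokens, key):
    """Return the value following `key` on a route line, or None."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def parse_routes(text):
    """Parse IPv4 `ip route` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
        routes.append((net, field(tokens, "via"), field(tokens, "dev")))
    return routes

def routes_overriding_vpn(text, vpn_dev, vpn_server):
    """List gatewayed non-VPN routes more specific than a VPN route."""
    routes = parse_routes(text)
    vpn_nets = [net for net, _, dev in routes if dev == vpn_dev]
    server = ipaddress.ip_network(vpn_server)
    flagged = []
    for net, via, dev in routes:
        if dev == vpn_dev or via is None or net == server:
            continue  # VPN route, on-link LAN route, or path to the VPN server
        if any(net.version == v.version and net.prefixlen > v.prefixlen
               and net.subnet_of(v) for v in vpn_nets):
            flagged.append(f"{net} via {via} dev {dev}")
    return flagged

if __name__ == "__main__":
    for route in routes_overriding_vpn(SAMPLE_ROUTES, "tun0", "203.0.113.10"):
        print("overrides VPN route:", route)
```

On a real system the input would be the output of `ip route` captured in the qube that runs the VPN client, with the VPN interface name and server address substituted.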

Moderation note: please keep the commentary relevant to Qubes OS everyone!

2 Likes