'This is an important release' — Amnezia VPN strengthens its apps to fight Russia's new approach to VPN blocking in latest update

News
By published

The VPN continues to strengthen its resilience as attacks become more sophisticated

Amnezia VPN logo on black background
(Image credit: Amnezia VPN)
  • Amnezia VPN rolls out version 4.8.18.0 to thwart recent Russian blocking
  • The update fixes a bug that exposed the VPN to alleged targeted attacks
  • Attacks targeting VPNs continue to escalate in Russia

If you’re looking for the best VPN that’s truly committed to fighting censorship, Amnezia VPN’s latest update might point you in the right direction.

In its newest release, the open-source VPN says it has fixed a bug in its AmneziaWG protocol that left its infrastructure vulnerable to a recent coordinated cyberattack, allegedly carried out by Russia's media regulator, Roskomnadzor (RKN).

Available on all platforms, version 4.8.18.0 can be downloaded from Amnezia’s website, GitHub, and the Android and iOS app stores.

Critical security fixes

Last week, Amnezia reported that Russian media regulatory authorities had attacked its VPN infrastructure, causing the system to shut down completely.

The incident prevented users of Amnezia's Free and Premium services from switching between servers and prolonged the recovery process by several days.

According to the company, the latest update patches the vulnerability that RKN likely exploited to carry out the attack.

Mazay Banzaev, founder of Amnezia VPN, told TechRadar that RKN had likely developed a high-level protocol identification system capable of detecting and blocking Amnezia VPN traffic.

The regulatory authority then allegedly used the filter to identify a specific vulnerability in Amnezia’s software and launch targeted attacks against its infrastructure.

"The key challenge lies precisely in the RKN’s new approach to blocking," Banzaev tells TechRadar. "Whereas previously they simply blocked protocols, they now use protocol fingerprints to identify servers and block them automatically on a case-by-case basis."

According to Banzaev, RKN’s new approach makes debugging protocols much more difficult: the system still works, but within a few hours or days, the server may crash completely. Therefore, even a single user running an outdated version of the protocol can compromise the entire server, causing it to crash.

Therefore, the VPN service says it remains focused on improving the service’s long-term resilience, and announced that it will soon be publishing more in-depth technical analyses on its blog.

"Right now we can confirm that AmneziaWG’s developments continue; we have no intention of giving in to the difficulties," Banzaev says.

An ongoing fight

The founder calls the recent incident "one of the most serious in the project’s history." The alleged RKN coordinated attacks happened on multiple sides — from changes in approaches to restricting VPN traffic, searches for the VPN’s protocol signatures, DDoS attacks, phishing, and API scanning.

"We were forced to adapt many technical components to the new operating conditions," he explains. "But the pressure on our services continues to grow."

AmneziaVPN is not the only service facing these challenges. Russian users have recently reported issues with Telegram's cryptographic protocol to bypass blocks, while other VPN services, such as BlancVPN, also claim to have suffered disruptions in May. Although Russian authorities recently extended the deadline for imposing fees on VPN usage, they are instead stepping up their restrictions on VPNs.

In the case of Amnezia, its AmneziaWG 2.0 custom protocol was specifically built to mimic normal traffic to evade censorship detection in unrestricted regions. However, its very own nature and purpose mean it requires continuous updates and fixes to maintain its resilience.

"This is a difficult path we have consciously chosen," Banzaev admits. "These principles allow us to operate effectively in countries with strict restrictions on access to information, and to keep pace with censors technologically," he notes.

On the good side, its persistence appears to have been rewarded by its supporters, with Amnezia claiming to have received a huge number of comments and messages of support after the incident.

"For us, this is no less important than the technical results of the team's work, and it is precisely this that gives us the confidence that we are moving in the right direction," Banzaev says.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Silvia Iacovcich
Silvia Iacovcich
Contributing Writer

Silvia Iacovcich is a tech journalist with over five years of experience in the field, including AI, cybersecurity, and fintech. She has written for various publications focusing on the evolving regulatory landscape of AI, digital behavior, web3, and blockchain, as well as social media privacy and security regulations.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.