Wow, this on OSS-Sec is a nice bit of work. Inferring & hijacking VPN-tunnelled TCP connections. Seems a VPN on it's own may not be enough when on untrusted wifi. "We can then arbitrarily inject data into the active TCP connection." https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2019/12-Dec/msg00016.html cc @TheRegister