Huge security flaw leaks VPN users' real IP-addresses

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,356
VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

The Snowden revelations have made it clear that online privacy is certainly not a given.

Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.

As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on.

Unfortunately, even the best VPN services can’t guarantee to be 100% secure. This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature.

With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.

The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.



IP-address leak




The demo claims that browser plugins can’t block the vulnerability, but luckily this isn’t entirely true. There are several easy fixes available to patch the security hole.

Chrome users can install the WebRTC block extension or ScriptSafe, which both reportedly block the vulnerability.

Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false.






TF asked various VPN providers to share their thoughts and tips on the vulnerability. Private Internet Access told us that they are currently investigating the issue to see what they can do on their end to address it. (Update: PIA published an article on the issue today)

TorGuard informed us that they issued a warning in a blog post along with instructions on how to stop the browser leak. Ben Van Der Pelt, TorGuard’s CEO, further informed us that tunneling the VPN through a router is another fix.

“Perhaps the best way to be protected from WebRTC and similar vulnerabilities is to run the VPN tunnel directly on the router. This allows the user to be connected to a VPN directly via Wi-Fi, leaving no possibility of a rogue script bypassing a software VPN tunnel and finding one’s real IP,” Van der Pelt says.

“During our testing Windows users who were connected by way of a VPN router were not vulnerable to WebRTC IP leaks even without any browser fixes,” he adds.

While the fixes above are all reported to work, the leak is a reminder that anonymity should never be taken for granted.

As is often the case with these types of vulnerabilities, VPN and proxy users should regularly check if their connection is secure. This also includes testing against DNS leaks and proxy vulnerabilities.
Source
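
A self-check to go with the article above, added here and not part of the original post or of Daniel Roesler's demo: it parses ICE candidate lines (for example, copied from Firefox's about:webrtc or Chrome's chrome://webrtc-internals page) and reports which addresses a page could learn. The function names, the sample candidates and the VPN exit address are constructed for illustration.

```javascript
// Added example: classify the addresses exposed in WebRTC ICE candidate lines.
// Candidate form: candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns-obfuscated"; // browser hid the host address
  if (a.includes(":")) {                               // IPv6
    if (a === "::1") return "loopback";
    if (/^fe[89ab][0-9a-f]:/.test(a)) return "link-local"; // fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return "private";    // fc00::/7
    return "public";
  }
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(a)) return "invalid";
  const [o1, o2, o3, o4] = a.split(".").map(Number);
  if ([o1, o2, o3, o4].some((n) => n > 255)) return "invalid";
  if (o1 === 127) return "loopback";
  if (o1 === 169 && o2 === 254) return "link-local";
  if (o1 === 10 || (o1 === 172 && o2 >= 16 && o2 <= 31) || (o1 === 192 && o2 === 168)) return "private";
  return "public";
}

function parseCandidate(line) {
  const m = /candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line);
  if (!m) return null; // not a candidate line
  return { address: m[5], port: Number(m[6]), type: m[7], scope: classifyAddress(m[5]) };
}

// vpnExitIp: the address the VPN is expected to show to websites.
function auditCandidates(text, vpnExitIp) {
  const seen = new Map();
  for (const line of text.split(/\r?\n/)) {
    const c = parseCandidate(line);
    if (c && !seen.has(c.address)) seen.set(c.address, c);
  }
  const all = [...seen.values()];
  const local = all.filter((c) => c.scope === "private" || c.scope === "link-local");
  const leaked = all.filter((c) => c.scope === "public" && c.address !== vpnExitIp);
  return { all, localAddresses: local.map((c) => c.address), leakedPublic: leaked.map((c) => c.address) };
}

// Constructed sample (documentation address ranges), not captured from a real session.
const SAMPLE_CANDIDATES = [
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 2122194687 10.8.0.6 54322 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.10 54322 typ srflx raddr 10.8.0.6 rport 54322",
  "a=candidate:4 1 udp 1686052351 198.51.100.77 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:5 1 udp 2113937151 3f1c9a7e-5b2d-4c8e-9f10-aa0011223344.local 50000 typ host",
].join("\n");

console.log(auditCandidates(SAMPLE_CANDIDATES, "203.0.113.10"));
```

An empty `leakedPublic` list with the VPN connected means no public address other than the VPN exit appeared in the candidates that were checked.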
 

Yellowing

Level 5
Verified
Jun 7, 2018
221
Kind of. I heard and found that many extensions or even some DNS are blocking WebRTC. (You're able to choose your DNS irregardless of your VPN.)
DNS or IP leaks can also occur through torrent, but that is specific to VPNs. I don't know who blocks that successfully. ProtonVPN had an issue with that. (Until recently, I think.)

On my list Windscribe rules them all, because it has so many options in its program - and ExpressVPN loses because it had issues and it's dumb. :)
 

Yellowing

Level 5
Verified
Jun 7, 2018
221
I don't know. Test yourself. :p I don't use torrents anymore. (That ProtonVPN story was months ago) :giggle:
Test here: IP/DNS Detect "Torrent Address detection"
 

Emma Parker

Level 1
Verified
Jul 18, 2018
15
Did you check different VPN providers? I'm using PureVPN; do you have any data for PureVPN? Or can you share the resources to test a VPN provider so I can do it on my own?
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
I don't understand why the Chromium project developers don't say or do something about the WebRTC problem. They know that this is a privacy scab and people complain a lot about it. The problem is that the extensions that supposedly block the WebRTC flag don't work as they should, because those extensions don't have low-level permissions when you launch the shortcut of a Chromium-based browser; those extensions are not active before the browser opens and always end up filtering the real IP. A few microseconds unprotected are enough to reveal your IP, and adblockers also fail at this task. WebRTC can only be blocked by using internal low-level flags, as in Firefox inside about:config, and with external apps like AdGuard installed on your system that can control the navigator before launch. AdGuard helps a lot since it gets ahead: the OS starts the AdGuard service and the AdGuard tray icon when you log in to the desktop session.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,484
I don't understand why the Chromium project developers don't say or do something about the WebRTC problem
Did you ever consider the benefits of WebRTC and why it's so widely supported by major browsers?
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
Did you ever consider the benefits of WebRTC and why it's so widely supported by major browsers?

Of course, but I prefer security more than cloud benefits. Of that I have no doubt. I've always had WebRTC disabled and I don't feel any difference, because what I do on the internet is not so demanding. I only exhort the developers to allow a flag so that users can decide whether they want or disable those additions. With WebRTC disabled I can watch videos, I can install extensions and I can participate in forums. Nothing compelling.
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
No, your DNS resolver does NOT validate DNSSEC signatures.

And it shows my VPN IP instead of my ISP when VPN is on. In addition, Google and What Is My IP? Shows your real IP - IPv4 - IPv6 - WhatIsMyIP.com® show my VPN IP instead of ISP IP when the VPN is on.

Can you see the three links? You're confused because MalwareTips changes the links to titles.
1 - whoer.net is a website to test your anonymity (it can see the real IP or VPN, and if these VPNs are badly configured, including missing configurations in your navigators and system, it can detect your real IP through WebRTC).
2 - doileak.net is a website to test your anonymity (it can see the real IP or VPN, and if these VPNs are badly configured, including missing configurations in your navigators and system, it can detect your real IP through WebRTC).
3 - dnssec.vs.uni-due.de can serve to see the filtration on the DNS provided by the VPN service.
 
