VPN flaw could expose real IP address to hackers
Bug could endanger privacy of VPN users
A flaw in the protocols used by virtual private networks has been discovered. The bug could enable hackers to expose the real IP address of a victim. The issue could pose a huge privacy risk.
According to VPN provider Perfect Privacy, the flaw, dubbed "Port Fail", affects VPN services providing port forwarding. The flaw leaves a victim's true IP address open for all to see, defeating the purpose of a VPN.
To mount an attack, the hacker must know the victim's VPN exit IP address. In order to get this, a hacker needs to trick users into opening a specially crafted file. The hacker has to have port forwarding enabled, but the victim doesn't have to have it activated.
The hacker would also have to be on the same VPN network and lure the victim into connecting to a resource controlled by the miscreant. The firm said that the leak affects all users.
"The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work," said the firm in a blog post.
The company tested nine VPN providers and found five to be vulnerable to this attack. It said it had notified those providers.
The firm said that, in order to mitigate attacks, VPN firms should implement firewall rules on the VPN server side to block access to forwarded ports from users' real IP addresses.
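The server-side rule described above, modelled as an added example (it is not code from Perfect Privacy or from this article): it decides which inbound connections to drop and emits matching iptables rules. The session and forwarding records, the addresses, and the choice of the raw table's PREROUTING chain are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:            # a currently connected VPN client (hypothetical record)
    user: str
    real_ip: str          # source address of the client's tunnel packets

@dataclass(frozen=True)
class Forward:            # a port forwarding on the VPN exit address (hypothetical record)
    owner: str
    proto: str            # "tcp" or "udp"
    port: int

def is_blocked(src_ip, proto, port, sessions, forwards):
    """True if the server must drop a connection from src_ip to a port on the exit IP."""
    src = ipaddress.IPv4Address(src_ip)
    from_real_ip = any(src == ipaddress.IPv4Address(s.real_ip) for s in sessions)
    to_forward = any((f.proto, f.port) == (proto, port) for f in forwards)
    # Only the combination is dropped: the VPN service port stays reachable from
    # real IPs, and forwarded ports stay reachable from everyone else.
    return from_real_ip and to_forward

def drop_rules(exit_ip, sessions, forwards):
    """One iptables rule per (connected real IP, forwarded port) pair.

    The raw table's PREROUTING chain is traversed before the nat table's DNAT,
    so the match is on the exit address and port the packet was sent to.
    """
    exit_addr = ipaddress.IPv4Address(exit_ip)
    rules = []
    for s in sessions:
        for f in forwards:
            rules.append(
                f"iptables -t raw -A PREROUTING -s {ipaddress.IPv4Address(s.real_ip)} "
                f"-d {exit_addr} -p {f.proto} --dport {f.port} -j DROP")
    return rules

# Constructed sample data using documentation address ranges.
EXIT_IP = "203.0.113.10"
SESSIONS = [Session("user_a", "198.51.100.7"), Session("user_b", "198.51.100.66")]
FORWARDS = [Forward("user_b", "tcp", 40123)]

if __name__ == "__main__":
    for rule in drop_rules(EXIT_IP, SESSIONS, FORWARDS):
        print(rule)
```

In this model the rules would be added when a client connects and removed when it disconnects, since the set of real IP addresses changes with every session.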
Penetration tester Darren Martyn said in a blog post that the flaw could be used by media companies to unmask BitTorrent users downloading movies or music.
"I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute Torrent users in the future, so it is probably best to double check that the VPN provider you are using does not suffer this vulnerability. If they do, notify them, and make sure they fix it," he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.