Security Flaw Leaks VPN Users IP
In a post-Snowden era, more people are turning to anonymity services such as VPN to hide their online identity and boost their internet security. A virtual private networks (VPN) is a network that allows users to create a secure network connection over a public or private network.
Recently TorrentFreak reported a massive security flaw affecting WebRTC-supporting browsers such as Firefox and Chrome. Real-time-communication, or RTC, was developed to help certain types of connections between browsers to work without the need of additional plugins.
Also Read: Air Gap Won’t Secure Your Computer Anymore
VPN IP-Addresses Logged
With a few lines of codes, websites sent requests to a STUN server and logged users’ VPN IP-addresses as well as the users home IP-address, the one that’s supposed to be hidden. Websites can even request the users local network address as well. This isn’t the first-time people have worried about the security of WebRTC.
People using Canary, Nightly, and Bowser, are also vulnerable, The local IP address leaks should not be a problem for Internet Explorer or Safari users unless they have manually added WebRTC.
GitHib published a demo by Daniel Roesier that allows you to check if you are affected by this security flaw. In a talk with TorrenFreak, TorGuard’s CEO mentioned another fix for the vulnerability.
“Perhaps the best way to be protected from WebRTC and similar vulnerabilities is to run the VPN tunnel directly on the router. This allows the user to be connected to a VPN directly via Wi-Fi, leaving no possibility of a rogue script bypassing a software VPN tunnel and finding one’s real IP. During our testing, Windows users who were connected by way of a VPN router were not vulnerable to WebRTC IP leaks even without any browser fixes,”
This is a good reminder that even when you think you’re safe, it’s better to double and triple check.