Port Fail VPN security flaw exposes your true IP address
Summary: A
serious security flaw in VPN protocols used by companies en masse exposes the
real IP addresses of users.
A
vulnerability discovered in protocols used by virtual private networks (VPNs)
allows attackers to expose the true IP addresses of intended victims.In a security advisory posted this week by VPN provider Perfect Privacy, the
company says that the flaw, dubbed "Port Fail," affects VPN providers
which offer port forwarding and have no protection against IP leaks.
VPNs are used worldwide by the privacy conscious and to
circumvent geolocation-based content restrictions by disguising the true
location of a person. VPNs are also a way to bypass censorship in countries
that rule Internet access with an iron fist. The use of VPNs has also increased
post-Snowden as more of us are now concerned about who could be tracking our
online activity.
Naturally, a security flaw which leaves our true IP
addresses open for all to see defeats the purpose of VPNs, and the
vulnerability exposed by Perfect Privacy could prove dangerous for VPN
providers which are not aware of the vulnerability.The VPN
provider, which has protected its networks against an attack leveraging the
flaw, says there are several steps to execute a successful exploit.
An attacker needs to have an active account with the same
VPN provider as the victim, and must also know the victim's VPN exit IP
address, obtainable through torrent clients or by enticing victims to visit a
malicious page, and must set up port forwarding. It is irrelevant whether the
victim also has port forwarding -- which reroutes traffic to different
addresses -- active or not.
The hacker then connects to the same server gateway as
the victim, activates port forwarding and waits until the victim visits a
malicious website address -- where their true IP can be scraped."The crucial issue here is that a VPN user
connecting to his own VPN server will use his default route with his real IP
address as this is required for the VPN connection to work," the company
says.
"If another user (the attacker) has port
forwarding activated for his account on the same server, he can find out the
real IP addresses of any user on the same VPN server by tricking him into
visiting a link that redirects the traffic to a port under his control."According to Perfect Privacy, due to the nature of the
attack, all VPN protocols -- such as IPSec, OpenVPN and PPTP -- are affected,
as well as all operating systems.
The VPN provider tested the vulnerability with nine VPN
providers which offer port forwarding. In total, five were vulnerable, including Private
Internet Access (PIA), Ovpn.to and nVPN, which were notified before public
disclosure and have fixed the issue. However, Perfect Privacy suspects far more
firms are affected.
PIA awarded Perfect Privacy a bug bounty of $5,000 for
the disclosure.
Comments
Post a Comment