VPN flaw could expose real IP address to hackers

Bug could endanger privacy of VPN users

A flaw in the protocols used by virtual private networks has been discovered. The bug could enable hackers to expose the real IP address of a victim, which could pose a huge privacy risk.

According to VPN provider Perfect Privacy, the flaw, dubbed "Port Fail", affects VPN services providing port forwarding. The flaw leaves a victim's true IP address open for all to see, defeating the purpose of a VPN.

To mount an attack, the hacker must know the victim's VPN exit IP address. In order to get this, the hacker needs to trick users into opening a specially-crafted file. The hacker has to have port forwarding enabled, but the victim doesn't have to have it activated.

The hacker would also have to be on the same VPN network and lure the victim into connecting to a resource controlled by the miscreant. The firm said that the leak affects all users.

"The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work," said the firm in a blog post.

The company tested nine VPN providers and found five to be vulnerable to this attack. It said it had notified those providers.

The firm said that, in order to mitigate attacks, VPN firms should implement firewall rules on the VPN server side to block access to forwarded ports from users' real IP addresses.
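
The server-side rule described above, modelled as an added example (not code from Perfect Privacy or from this article). The class names, addresses and ports are constructed for illustration, and port 1194 is assumed to be the port the VPN daemon listens on.

```python
# Model of the server-side filter: drop traffic to forwarded ports when the
# source is the real (public) IP of any currently connected VPN client.
# All names, addresses and ports are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Session:
    """One connected VPN client as the server sees it."""
    real_ip: str                                        # client's public source address
    forwarded_ports: set = field(default_factory=set)   # ports this client has forwarded


class ForwardFilter:
    """Decides whether a packet arriving on the public interface is dropped."""

    def __init__(self, vpn_service_ports):
        # Clients must reach the VPN daemon from their real IP for the tunnel
        # to work, so these ports are never treated as forwarded ports.
        self.vpn_service_ports = set(vpn_service_ports)
        self.sessions = []

    def connect(self, session):
        self.sessions.append(session)

    def disconnect(self, real_ip):
        gone = ip_address(real_ip)
        self.sessions = [s for s in self.sessions if ip_address(s.real_ip) != gone]

    def _real_ips(self):
        return {ip_address(s.real_ip) for s in self.sessions}

    def _forwarded(self):
        ports = set()
        for s in self.sessions:
            ports |= s.forwarded_ports
        return ports - self.vpn_service_ports

    def should_drop(self, src_ip, dst_port):
        """True when a connected client's real IP targets any forwarded port.

        The check covers every client, including those with no forwarding of
        their own, because the leak does not depend on the victim's settings.
        """
        return ip_address(src_ip) in self._real_ips() and dst_port in self._forwarded()
```

The rule set has to follow the session table: an address is filtered only while its owner is connected, and hosts that are not VPN clients can still reach forwarded ports normally.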

Penetration tester Darren Martyn said in a blog post that the flaw could be used by media companies to unmask BitTorrent users downloading movies or music.

"I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute Torrent users in the future, so it is probably best to double check that the VPN provider you are using does not suffer this vulnerability. If they do, notify them, and make sure they fix it," he said.
