A new vulnerability has been discovered. It affects some VPN services and can be leveraged to disclose real IP addresses. Among the users who are endangered by this flaw are the active users of BitTorrent. The vulnerability, dubbed ‘Port Fail’, can put their privacy at risk. Some researchers even believe that the bug is of legal character.
What Services Are at Risk by the Flaw?
The problem influences any services that allow port forwarding. According to the researchers at Perfect Privacy, who discovered Port Fail, the IP leak can compromise the privacy of any user. The victim doesn’t necessarily need to use port forwarding. It’s the attacker who needs to set it up.
The security engineers have investigated the bug via nine eminent VPN providers which include port forwarding. The results of the research point out that five of them are prone to an attack via exploiting the vulnerability. The researchers have informed the service providers so that they can fix the issue before anything bad happens. However, it is important to note that more VPN services are likely to be vulnerable to the Port Fail vulnerability.
The Port Fail Vulnerability Explained
These are the requirements needed for an attack to take place:
- The attacker needs to have an active account at the same VPN provider as the victim.
- The attacker should know the victim’s VPN exit IP address (easy to obtain).
- The attacker needs to set up port forwarding.
Once those are met, the IP leak can be initiated. These are the steps, as explained by the researchers at Perfect Privacy:
1. The victim is connected to VPN server 18.104.22.168.
2. The victim’s routing table will look something like this:
0.0.0.0/0 -> 10.0.0.1 (internal vpn gateway ip)
22.214.171.124/32 -> 192.168.0.1 (old default gateway)
3. Attacker connects to same server 126.96.36.199 (knows victim’s exit through IRC or other means)
4. Attacker activates Port Forwarding on server 188.8.131.52, example port 12345
5. Attacker gets the victim to visit 184.108.40.206:12345 (for example via embedding on a website)
6. This connection will reveal the victim’s real IP to the attacker because of the “220.127.116.11/32 -> 192.168.0.1” vpn route.
Researchers warn that all VPN protocols such as IPSec, OpenVPN, PPTP, and all operating systems are affected by the flaw.
Affected VPN providers should apply one of the following:
Have multiple IP addresses, allow incoming connections to ip1, exit connections through ip2-ipx, have portforwardings on ip2-ipx
On Client connect set server side firewall rule to block access from Client real ip to portforwardings that are not his own.
Why Is BitTorrent Affected?
The explanation is quite simple. The BitTorrent protocol is implemented by client programs like uTorrent. Users run these programs to download content and share it with other users (peer-to-peer communities). Even though torrents have triggered many legal and copyright issues, they are still in use by millions of users across the globe. uTorrent users often apply VPN services in order to protect their real IP addresses,