Monday, 02 February 2015 06:51

New Browser Based Flaw Leaks VPN Users' IP Addresses

Privacy on the internet is hard to achieve. For starters, there are tons of companies that are very interested in what you do and where you go online so they can get you to buy things. On top of that, there are the spying eyes of the government watching to make sure you are not a bad guy and storing all of this data in massive warehouses. This mass data collection seems to exist in every single device we own, from laptops to phones to smart TVs. It is enough to make someone paranoid, or at least to look for some form of privacy when connected to the internet.

For many, the answer is a VPN (Virtual Private Network) service. These services allow you to connect to the internet through a proxy that is supposed to mask your real IP address and keep the spying at bay. The use of VPN services has exploded in the months following the revelations by Edward Snowden on how much information governments gather about us.

Sadly, even these services have had their flaws and, at times, have left their users just as exposed as someone directly connected to the internet. The latest of these flaws turns out to be browser and OS related and not directly tied to any one source. The flaw is in WebRTC and the browsers that support it. It allows a website to request (and get) IP address information from certain VPN servers called STUN servers (Session Traversal Utilities for NAT). These servers translate your address to a new public IP address and vice versa through a common protocol called NAT (Network Address Translation), keeping the packets flowing to and from you without any loss of data during the microseconds it takes to make the change. To do this they have to keep a table of your VPN-based public IP and your real one. Home routers perform a similar (although more primitive) function in translating private IP addresses to public and back.

The requesting website merely uses a script to request this information when a web page is loaded and catalogs it like it would regular visits. It is a very simple method, and it also has a pretty simple fix. So far the issue appears to exist only on Windows-based systems that are running Firefox and Chrome. These browsers have a number of plug-ins that can mitigate this flaw. For Firefox you can use NoScript or set the media.peerconnection.enabled setting to false (you get there by typing about:config in the address bar). Chrome can be hardened against this by installing WebRTC Block or ScriptSafe.

Alternatively, you can set up your home router/firewall to connect to your VPN service directly. This removes the likelihood of a software-based flaw exposing your information. These steps will not give you 100% protection, but then again nothing will. If you want to check the security of your browsing habits, including whether you are vulnerable to the WebRTC flaw, you can check out the links below. As always, stay safe out there.

WebRTC Flaw Check
DNS Leaks, Tor and Other Checks
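
To verify the fixes described above on your own machine, the following added example (not code from this article or from the linked check sites) audits the ICE candidate lines your own browser produces and flags any public address that is not your VPN exit. It assumes you copy the lines from the browser's WebRTC diagnostics page (chrome://webrtc-internals or about:webrtc) and supply the VPN exit address yourself; the function names and sample lines are constructed for illustration.

```javascript
// Constructed sample lines (RFC 1918 and RFC 5737 documentation addresses only).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 udp 1686052607 198.51.100.7 40000 typ srflx raddr 10.8.0.2 rport 40000",
  "a=candidate:4 1 tcp 1518280447 10.8.0.2 9 typ host tcptype active",
];

// Parse one ICE candidate line; returns null for anything that is not a candidate.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  const c = { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === "raddr" || f[i] === "rport" || f[i] === "tcptype") c[f[i]] = f[i + 1];
  }
  return c;
}

// Classify an address: "mdns" (obfuscated hostname), "private", or "public".
function classifyAddress(addr) {
  if (addr.endsWith(".local")) return "mdns";
  if (addr.includes(":")) { // IPv6: loopback, fc00::/7 and fe80::/10 are not routable
    return /^(::1$|f[cd][0-9a-f]{2}:|fe[89ab][0-9a-f]:)/i.test(addr) ? "private" : "public";
  }
  const [a, b] = addr.split(".").map(Number);
  const isPrivate = a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
  return isPrivate ? "private" : "public";
}

// One finding per distinct address. "leak" = public address that is not the VPN exit.
function auditCandidates(lines, vpnExitIp) {
  const findings = new Map();
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const addr of [c.address, c.raddr]) {
      if (!addr || findings.has(addr)) continue;
      const kind = classifyAddress(addr);
      const verdict = addr === vpnExitIp ? "vpn-exit" : kind === "public" ? "leak" : kind;
      findings.set(addr, { address: addr, source: addr === c.address ? c.type : "raddr", verdict });
    }
  }
  return [...findings.values()];
}

// 198.51.100.7 stands in for the VPN exit address (assumption for this sample).
console.log(auditCandidates(SAMPLE_CANDIDATES, "198.51.100.7"));
```

With WebRTC disabled or blocked as described above, the diagnostics page should list no candidates at all, so the audit returns an empty list.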


Read 6856 times Last modified on Monday, 02 February 2015 06:54
