Routing ‘Feature’ can expose VPN users’ real IP-addresses

A VPN is generally touted as an ideal tool to remain anonymous online, but this is more easily said than done. This week ProstoVPN revealed a widespread issue that can in many cases expose the true IP-addresses of users, unless proper action is taken.

A few weeks ago we covered a security flaw which allowed attackers to uncover the real IP-addresses of VPN users, if their providers allow forwarding on their network.

The news was picked up widely as it affected millions of users. However, it is just one of the many possible exploits VPN users are facing.

This week another issue was highlighted by ProstoVPN. This “vulnerability” affects both users with a direct connection and those with routers that have UPnP port forwarding enabled.

The issue boils down to a rather basic network routing feature: when a packet is sent to the user’s ISP IP-address, UDP listening software (e.g. a torrent client) sends its response out through the VPN interface.

This means that a potential attacker can link a VPN IP-address to a user’s ISP IP-address.
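The routing behaviour described above, as a small model (an added example, not code from ProstoVPN or TorrentFreak): it shows why a reply to a probe sent to the ISP address leaves through the tunnel, and how dropping unsolicited inbound traffic on the physical interface stops it. The interface names, the routing table and all addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation address ranges), not from the article.
ISP_IP = "198.51.100.23"      # user's real address on the physical interface
VPN_TUNNEL_IP = "10.8.0.2"    # address assigned inside the tunnel
VPN_EXIT_IP = "203.0.113.7"   # public address of the VPN server
PROBER_IP = "192.0.2.50"      # remote host sending the UDP probe

# Assumed full-tunnel table: two /1 routes via tun0 override the default route.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    (VPN_EXIT_IP + "/32", "eth0"),  # keeps the tunnel itself on the ISP link
]
IFACE_ADDR = {"eth0": ISP_IP, "tun0": VPN_TUNNEL_IP}

@dataclass
class Reply:
    egress: str      # interface the reply left through
    seen_from: str   # source address the prober observes

def lookup(dst):
    """Longest-prefix match, as the kernel does for outgoing packets."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), i) for n, i in ROUTES]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

def handle_probe(src, dst, in_iface, block_inbound_on_physical):
    """Return the Reply a wildcard-bound UDP listener produces, or None if dropped."""
    if dst != IFACE_ADDR.get(in_iface):
        return None  # not addressed to this interface
    if block_inbound_on_physical and in_iface == "eth0" and src != VPN_EXIT_IP:
        return None  # mitigation: only the VPN server may reach the ISP address
    egress = lookup(src)  # the reply is routed by its destination only
    # A socket bound to 0.0.0.0 takes its source address from the egress interface;
    # the VPN server then NATs tunnel traffic to its public address.
    seen = VPN_EXIT_IP if egress == "tun0" else IFACE_ADDR[egress]
    return Reply(egress, seen)

def leaks(reply, probed_dst):
    """The link is made when a probe to one address is answered from another."""
    return reply is not None and reply.seen_from != probed_dst

if __name__ == "__main__":
    for blocked in (False, True):
        r = handle_probe(PROBER_IP, ISP_IP, "eth0", blocked)
        print(f"inbound blocked={blocked}: reply={r}, leak={leaks(r, ISP_IP)}")
```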

The problem
The issue can affect users on all operating systems and is not always easy to fix on the user end. VPN providers with custom software can address it, but with the standard OpenVPN software users have to take action themselves.

While the scope of the issue is large, as many users and providers have yet to address the issue, it requires quite a bit of effort to carry out an attack. It basically requires the attacker to send UDP packets to the entire Internet.

In addition, there’s the possibility of false positives which means that it’s harder to pinpoint the exact ISP IP-address. With this in mind, it seems unlikely that monitoring companies will attempt to expose every BitTorrent user with a VPN.

ProstoVPN informs TorrentFreak that they alerted 11 providers, and two confirmed that they have fixed the issue with a software update.

“Information about this ‘feature’ was sent to 11 VPN providers and only five of them replied: Private Internet Access and Perfect Privacy have released updated software which blocks incoming connections.”

Not all providers were equally responsive and one suggested that the issue should be addressed by the users. There is some truth to that, but the same provider does protect its users against similar problems on the user-side, such as DNS, IPv6 and WebRTC leaks.

While there’s no need for outright panic, it is a good development that these types of problems are being highlighted. It prompts VPN providers to take action and users to remain vigilant.

That said, it also shows that 100% anonymity is pretty much impossible.

More details on the routing “feature” and its consequences are available in ProstoVPN’s article and in the statements published by Perfect Privacy and Private Internet Access.

Update: TorGuard informs TF that they were one of the notified VPN providers and that they’ve addressed the issue.

Update: CyberGhost tells TF that their Windows and Mac apps are not affected by this issue. The issue was fixed two years ago.

Source: TorrentFreak

