VPN protocol flaw allows attackers to discover users’ true IP address
The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.
Dubbed Port Fail, the flaw affects all VPN protocols (IPSec, OpenVPN, PPTP, etc.) and all operating systems.
“The attacker needs to meet the following requirements: 1. Has an active account at the same VPN provider as the victim, 2. Knows victim’s VPN exit IP address (can be obtained by various means, e.g. IRC or torrent client or by making the victim visit a website under the attacker’s control), and 3. The attacker sets up port forwarding. It makes no difference whether the victim has port forwarding activated or not,” they shared in a blog post, along with a step-by-step explanation of how the bug can be exploited.
The company has offered advice for VPN providers on what to do to plug this hole, but also did something that they should definitely be praised for: they tested nine prominent VPN providers that offer port forwarding for the flaw, and notified the five that were vulnerable of the fact before they went public with the information.
Thank-you messages on Twitter revealed that among the affected providers were Private Internet Access (PIA) and nVPN.
“However, other VPN providers may be vulnerable to this attack as we could not possibly test all existing VPN providers,” the team pointed out. Hopefully, these providers are working on mitigating the issue.
Security researcher Darren Martyn also has a helpful write-up about possible attacks exploiting the flaw.
“I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute Torrent users in the future, so it is probably best to double check that the VPN provider you are using does not suffer this vulnerability. If they do, notify them, and make sure they fix it,” he noted.