Home / Software & Gaming / Security / VPN flaw could allow anyone to view users’ real IPs

VPN flaw could allow anyone to view users’ real IPs

In the wake of the Edward Snowden revelations, obfuscating systems like encryption, the Tor browser and virtual private networks (VPN) have been championed by privacy advocates the world over as the best ways to protect your data online. However, that latter step may not be as useful as initially thought, as a new bug has been discovered that could make it possible for anyone to view a user's real IP with ease.

The issue occurs if someone attempting to find information on a VPN user, hooks themselves up to the same VPN service. From there, if they forward traffic to a specific port and are able to trick the user into visiting a certain URL, the connection will reveal their original IP address, according to Perfect Privacy (via TorrentFreak).

It's even easier if the user is a torrent downloader, as then all the attacker has to do is port forward data to the standard Bittorrent port and they have the IP.

vpnissues

Source: Geralt/Pixabay

Affected companies included Private Internet Access, Ovpn.to and nVPN. They were told about the vulnerability a week ago however and have since fixed the problem. It wasn't a difficult fix either, with PIA suggesting that it simply needed to block access to forwarded ports from clients' real IP addresses.

Although this is obviously a serious issue, it should be taken into consideration that Perfect Privacy did use this opportunity to point out that while almost all VPNs are affected, its service isn't, so there is some self promotion in this story.

Discuss on our Facebook page, HERE.

KitGuru Says: It really is difficult to anonymise yourself online these days. How far do you go in trying to protect your privacy? 

Become a Patron!

Check Also

Riot offering up to $100,000 to find Vanguard anti-cheat bugs

When Riot launched Valorant, it also launched a deeply rooted anti-cheat system, Vanguard. This anti-cheat …

2 comments

  1. “and are able to trick the user into visiting a certain URL” thats the key. A lot of tools to hack or spy need the user to do something in the first place. The best anti-virus/anti-hacking tool is u self.

  2. “and are able to trick the user into visiting a certain URL” thats the key. A lot of tools to hack or spy need the user to do something in the first place. The best anti-virus/anti-hacking tool is u self.