Home / Software & Gaming / Security / VPN flaw could allow anyone to view users’ real IPs

VPN flaw could allow anyone to view users’ real IPs

In the wake of the Edward Snowden revelations, obfuscating systems like encryption, the Tor browser and virtual private networks (VPN) have been championed by privacy advocates the world over as the best ways to protect your data online. However, that latter step may not be as useful as initially thought, as a new bug has been discovered that could make it possible for anyone to view a user’s real IP with ease.

The issue occurs if someone attempting to find information on a VPN user, hooks themselves up to the same VPN service. From there, if they forward traffic to a specific port and are able to trick the user into visiting a certain URL, the connection will reveal their original IP address, according to Perfect Privacy (via TorrentFreak).

It’s even easier if the user is a torrent downloader, as then all the attacker has to do is port forward data to the standard Bittorrent port and they have the IP.


Source: Geralt/Pixabay

Affected companies included Private Internet Access, Ovpn.to and nVPN. They were told about the vulnerability a week ago however and have since fixed the problem. It wasn’t a difficult fix either, with PIA suggesting that it simply needed to block access to forwarded ports from clients’ real IP addresses.

Although this is obviously a serious issue, it should be taken into consideration that Perfect Privacy did use this opportunity to point out that while almost all VPNs are affected, its service isn’t, so there is some self promotion in this story.

Discuss on our Facebook page, HERE.

KitGuru Says: It really is difficult to anonymise yourself online these days. How far do you go in trying to protect your privacy? 

Become a Patron!

Check Also

Personal data of 533 million Facebook users leaked online

It looks like Facebook is going to be making headlines for all the wrong reasons again this week, as personal data from 533 million accounts has leaked online. The leak sees accounts from users in 106 countries compromised, including 32 million users in the US and 11 million users from the UK.