VPN Compromised? WebRTC Security Hole Leaks Real IP Addresses

IPVanish has reported on the real possibility that Virtual private network (VPN) and proxy users can face serious security issues if they don’t take proper steps to protect their accounts. The threat allows websites to see local home IP addresses, but there is a solution for IPVanish users. The massive flaw comes in by way of WebRTC (Web RTC, Web Real-Time Communication) and the browsers that support this communications protocol.

What is Web RTC?

If you’re not familiar with WebRTC, it’s ultimately the technology that simplifies an incorporation of real-time communications into a web browser. WebRTC is an open-sourced protocol that supports browser-to-browser apps for voice calling, video chat, and file sharing. It’s a widely supported plugin and used amongst popular Internet browsers, most notably Mozilla Firefox and Google Chrome.

Who is affected and how can the security hole be fixed?

While there are existing reports that only Windows operating systems are affected, this is a browser-problem. Both Windows and Macintosh users are equally at risk. Default browsers Internet Explorer and Safari are not affected by the WebRTC flaw. Firefox and Chrome users on the other hand have a problem to fix.
Mozilla Firefox users can download NoScript from Firefox Add-Ons or by typing about:config in the address bar and setting ‘media.peerconnection.enabled‘ to ‘False.’
Google Chrome users should either install a plugin such as WebRTC Block or ScriptSafe., or enter chrome://flags/ into the address bar and enable‘Disable WebRTC device enumeration.’

Are you Affected?

The best way to check if you are affected by said WEB Rtc check is to check what IP is being displayed.
Goto a WAN IP checking website like www.whatismyip.com and record the IP mentioned.
Then goto the WEB RTC test website at Gitub and check if the IP is the same as the one you saw previously.
If it’s different, implement the above steps or change your VPN Provider.

Thanks again to IPVanish for notifying us of this.

IPVanish

Leave a reply