WebRTC Security Hole Leaks Real IP Addresses (Even With VPN!)

A widespread web browser exploit is leaking IP addresses, even those protected by VPN.
Both VPN and proxy users could face serious security issues if they don’t take proper steps to protect themselves. The massive flaw comes in by way of WebRTC (short for Web Real-Time Communication) and the browsers that support it: Google Chrome, Firefox, and Opera.

The threat allows websites to see your unique IP addresses, even with a VPN.

What is WebRTC?
If you’re not familiar with WebRTC, it’s a technology that simplifies real-time communications in a web browser. WebRTC is an open-source protocol that supports browser-to-browser apps for voice calling, video chat, and file sharing. It’s a widely supported plugin used by the most popular desktop web browsers, save for Internet Explorer, Edge, and Safari.

How are IP addresses leaking?
With this WebRTC security hole, a website can use a simple script to access IP address information from STUN servers.

To do this, the STUN server maintains a table of both your VPN-based public IP and your local (“real”) IP during connectivity. The local and public IP addresses of the user can be pulled from these requests with JavaScript.

Wireless routers at home replicate a similar function in translating private IP addresses to public and back. A researcher from San Francisco, Daniel Roesler, posted a demonstration to illustrate how the WebRTC vulnerability works. The STUN server sends a ping back that contains the IP address and port of the client. While Roesler’s demo claimed that the browser vulnerability was unfixable, there are several solutions.

Who is affected and how can the security hole be fixed?
This is a web browser problem, so both Microsoft and Apple loyalists are equally at risk. Default browsers Internet Explorer and Safari are not affected by the WebRTC flaw because they do not support the protocol. But Firefox and Chrome users have a problem to fix.

Firefox users can either download NoScript from Firefox Add-Ons, or type about:config in the address bar and set ‘media.peerconnection.enabled’ to ‘false’.

Running Opera? A complete solution is available for your browser: use the WebRTC Leak Prevent extension to protect it.

Users of Chrome are unfortunately affected to a point where there is no complete protection. While an extension called the WebRTC Network Limiter was released over the summer of 2015 as a fix to this issue, there are some reports that there are still leaks in specific instances.

Alternatively, those that use the affected browsers can set up a wireless home router to connect to their VPN service directly. This removes the likelihood of a software-based (or in this case, a browser-based) flaw from exposing any information about the user.
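
To check whether one of the fixes above actually holds, you can audit the ICE candidate lines your own browser produces and see which addresses appear in them. The following is an added example, not code from the original article or from Roesler's demo: the function names are hypothetical, the candidate lines are constructed samples using private and documentation IP ranges, and the `.local` (mDNS-masked) case goes beyond what the article covers.

```javascript
// Added example, not from the original article. All candidate lines are
// constructed samples; IPs come from private and documentation ranges.
const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./];

function classifyAddress(addr) {
  if (addr.endsWith('.local')) return 'masked'; // mDNS name instead of a host IP
  if (addr.includes(':')) return /^(fe80|f[cd])/i.test(addr) ? 'private' : 'public';
  return PRIVATE_V4.some((re) => re.test(addr)) ? 'private' : 'public';
}

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.replace(/^a=/, '').trim().split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return null;
  return { address: f[4], port: Number(f[5]), type: f[7], scope: classifyAddress(f[4]) };
}

// Sort every address a page could read into: the VPN exit (expected),
// masked names (no IP revealed), and everything else (a leak).
function auditCandidates(lines, vpnExitIp) {
  const report = { viaVpn: [], masked: [], leaked: [] };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // skip anything that is not a candidate line
    if (c.scope === 'masked') report.masked.push(c.address);
    else if (c.address === vpnExitIp) report.viaVpn.push(c.address);
    else report.leaked.push(`${c.type} ${c.scope} ${c.address}`);
  }
  return report;
}

const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:3 1 udp 1686052607 198.51.100.42 61000 typ srflx raddr 0.0.0.0 rport 0',
  'a=candidate:4 1 udp 2122260223 6f1c2d3e-aaaa-4bbb-8ccc-0123456789ab.local 50000 typ host',
  'not a candidate line',
];

// 203.0.113.7 stands in for the VPN exit address in this constructed sample.
const SAMPLE_REPORT = auditCandidates(SAMPLE_CANDIDATES, '203.0.113.7');
console.log(JSON.stringify(SAMPLE_REPORT, null, 2));
```

In a browser, the input lines are the `candidate` strings delivered with each `icecandidate` event on an `RTCPeerConnection`; an empty `leaked` list after applying a fix means no local or ISP address was exposed in that run.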

About the Author
freemexy jack
