Researchers have found a vulnerability in VPN services that could allow hackers or scammers to learn users' real IP addresses.
For the vulnerability to actually work, some special conditions need to be fulfilled, but for hackers these are not difficult to meet.
The researchers found that if a VPN provider allows port forwarding on user accounts (which most VPN providers do) and an attacker knows the user's exit IP, the attacker can easily reveal the user's original IP.
The exit IP is very easy for hackers to find: it can be acquired via public IRC, torrent connections, or even sites hijacked by the hackers (by getting the user to visit one of the hijacked websites, hackers can get hold of the exit IP).
Once the hackers have the exit IP, they just need an account on the same VPN service as the user, and the attack is set up.
Now, if the hackers can make the user access a resource hosted on the same VPN server, they can reveal the user's address with the help of the internal routing table and the port forwarding setting.
Researchers at Perfect Privacy tested this scenario on nine of the most popular VPN providers; five of them proved susceptible to the scenario and revealed the user's IP. The VPN providers have been notified of this vulnerability and have started working on fixing it.
Services based on OpenVPN, PPTP, or IPSec are affected by default, because they are structured on the OSI model and the vulnerability works at the lower network layers of that model.
The researchers have recommended that providers:
* Use multiple IP addresses
* Allow incoming connections at IP1 and exit at IP2-IPx
* Allow port forwarding at IP2-IPx and not at IP1
* Don’t use Man-in-the-Middle IP for port forwarding operations
They have also asked VPN providers to set up a server-side firewall that blocks a client's real IP address from reaching any port-forwarded connection other than the user's own.
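The reason the IP1/IP2 split helps can be seen by modelling the client's routing table. The following is an added example, not code from the researchers or any provider: it assumes a full-tunnel client that keeps a host route to the VPN entry address via its physical interface, and all addresses, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not taken from the article.
REAL_IP = "198.51.100.23"    # client's ISP-assigned address
TUNNEL_IP = "10.8.0.6"       # client's address inside the VPN
IP1 = "203.0.113.10"         # address clients connect to
IP2 = "203.0.113.20"         # separate exit address

def client_routes(entry_ip):
    """Model assumption: default route via the tunnel, plus a host route to
    the VPN entry address via the physical NIC so tunnel packets can leave."""
    return [("0.0.0.0/0", "tun0", TUNNEL_IP),
            (f"{entry_ip}/32", "eth0", REAL_IP)]

def lookup(routes, dest):
    """Longest-prefix match; returns (interface, source address used)."""
    dest = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), iface, src)
            for net, iface, src in routes
            if dest in ipaddress.ip_network(net)]
    _, iface, src = max(hits, key=lambda h: h[0].prefixlen)
    return iface, src

def leaks_real_ip(entry_ip, forward_ip):
    """True if a client reaching a port forward on forward_ip would send the
    connection outside the tunnel, i.e. from its real address."""
    return lookup(client_routes(entry_ip), forward_ip)[1] == REAL_IP

def audit(entry_ip, forward_ips):
    """Return the port-forward addresses that violate the recommendation."""
    return sorted(ip for ip in forward_ips if leaks_real_ip(entry_ip, ip))

if __name__ == "__main__":
    print("forward on IP1 leaks:", leaks_real_ip(IP1, IP1))
    print("forward on IP2 leaks:", leaks_real_ip(IP1, IP2))
    print("addresses to fix:", audit(IP1, [IP1, IP2]))
```

A port forward on the entry address matches the more specific host route and leaves via the physical interface, while one on a separate exit address falls under the default route and stays inside the tunnel.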
However, with the market of VPN providers expanding each day, many users might be affected by this vulnerability.