Security hole in VPNs with port forwarding exposes users’ IP addresses

All VPN protocols can have a vulnerability where an attacker using the same service can easily find out the IP address of his target when they connect via, for example, BitTorrent.

The vulnerability was discovered by VPN provider Perfect Privacy. The company calls the security hole Port Fail. The problem occurs with vpn providers that offer port forwarding. An attacker will need to use the same VPN service as his target and also need to know his target’s exit IP address. This can be found out, for example, by sitting in the swarm of the same Torrent as the target.

After that, it is important for the attacker to connect to the same VPN server and enable port forwarding on a port of his choice. The attacker must then entice the victim to access a server prepared for the attack, for example by embedding an image from that server in a site. Then, when the target goes to the address of the vpn server through the specific open port, the server directs the traffic to the attacker and because of the port forwarding, the ip address ends up with the attacker. After all, the target connects with its own ip address to the vpn server.

Perfect Privacy says it has tested the method at nine major VPN providers, five of which had the vulnerability. These have been notified in advance and the holes must have been closed by now. One of those VPN providers, Private Internet Access, credits Perfect Privacy for being generous in the form of a $5,000 reward under its Whitehat Alert Security Program. That writes Torrentfreak. It is not completely clear how widespread the security hole is. “There is no way we can test all VPN providers,” says Perfect Privacy.