WebRTC Vulnerability leaks Real IP Addresses of VPN Users


An extremely critical vulnerability has recently been discovered in WebRTC (Web Real-Time Communication), an open-source standard that enables browsers to make voice or video calls without needing any plug-ins.
Late last month, security researchers revealed a massive security flaw that enables website owners to easily see the real IP addresses of users through WebRTC, even if they are using a VPN or even PureVPN to mask their real IP addresses.
The security glitch affects WebRTC-supporting browsers such as Google Chrome and Mozilla Firefox, and appears to be limited to the Windows operating system; users of Linux and Mac OS X are not affected by this vulnerability.
WebRTC allows requests to be made to STUN (Session Traversal Utilities for NAT) servers which return the “hidden” home IP-address as well as local network addresses for the system that is being used by the user.
A demonstration published by developer Daniel Roesler on GitHub allows people to check if they are affected by the security glitch.
Also, you can go through the following steps in order to check if you’re affected:
  • If your browser is secure, you should see something like this:
  • If your browser is affected by this issue, you’ll see information about your true IP address in the WebRTC section.
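
The addresses described above reach a page's script as ICE candidate lines. As an added example (not code from the original article or from the demonstration it mentions), this JavaScript parses such lines and classifies every address they expose; the candidate lines are constructed samples and the function names are assumptions made for illustration.

```javascript
// Added example: audit WebRTC ICE candidate lines for the addresses they expose.
// All candidate lines are constructed samples (RFC 1918 / RFC 5737 addresses).
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:3 1 udp 2122194687 10.8.0.6 54322 typ host',
  'a=candidate:4 1 tcp 1518280447 fd12:3456:789a::1 9 typ host tcptype active',
  'not a candidate line',
];

// Classify an address literal as loopback, link-local, private, public or hostname.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.includes(':')) { // IPv6 literal
    if (a === '::1') return 'loopback';
    if (/^fe[89ab][0-9a-f]:/.test(a)) return 'link-local'; // fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return 'private';    // fc00::/7
    return 'public';
  }
  const parts = a.split('.');
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    return 'hostname'; // not an IPv4 literal
  }
  const [o1, o2] = parts.map(Number);
  if (o1 === 127) return 'loopback';
  if (o1 === 169 && o2 === 254) return 'link-local';
  if (o1 === 10 || (o1 === 172 && o2 >= 16 && o2 <= 31) || (o1 === 192 && o2 === 168)) return 'private';
  return 'public';
}

// Parse one candidate line: foundation, component, transport, priority, address, port, type.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)(?: raddr (\S+))?/.exec(line.trim());
  return m ? { transport: m[1], address: m[2], port: Number(m[3]), type: m[4], related: m[5] || null } : null;
}

// Return each distinct address a page's script could read, with its candidate type and scope.
function auditCandidates(lines) {
  const seen = new Map();
  for (const c of lines.map(parseCandidate).filter(Boolean)) {
    for (const addr of [c.address, c.related].filter(Boolean)) {
      if (!seen.has(addr)) seen.set(addr, { address: addr, type: c.type, scope: classifyAddress(addr) });
    }
  }
  return [...seen.values()];
}

const report = auditCandidates(SAMPLE_CANDIDATES);
const exposesPublicAddress = report.some((r) => r.scope === 'public');
console.log(report, exposesPublicAddress);
```

In the sample, the `srflx` candidate carries the public address returned by a STUN server, and the `host` candidates carry local network addresses, matching the two kinds of address the article describes.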
Luckily the critical security flaw is quite easy to fix.
For Chrome users:
Google Chrome and other Chromium-based browser users can install the WebRTC Block extension or ScriptSafe, which both reportedly block the vulnerability.
For Firefox users:
In the case of Firefox, the only extensions that block these lookups are JavaScript-blocking extensions such as NoScript. To fix, try the following steps:
  • Type about:config in the browser’s address bar and hit enter.
  • Confirm you will be careful if the prompt appears.
  • Search for media.peerconnection.enabled.
  • Double-click the preference to set it to false.
  • This turns off WebRTC in Firefox.
