A bug affecting some VPN services can be used to figure out a computer’s real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk.
The vulnerability affects those services that allow port forwarding, according to VPN provider Perfect Privacy, which wrote about the issue on Thursday.
A successful attack requires a couple of conditions to be met: the attacker must be on the same VPN network as the victim, who also has to be lured into connecting to a resource controlled by the attacker.
By tricking a victim into opening an image file, for example, an attacker who has port forwarding enabled on their account can see the request from the victim’s real IP addresses.
“The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work,” Perfect Privacy wrote.
For the IP address leak attack to work, the attacker must know the victim’s VPN exit IP address, which Perfect Privacy suggested could be discovered by luring a victim to a website under their control.
Perfect Privacy tested nine VPN providers before it went public with the flaw. Five were vulnerable, and those providers have been notified, it said.
But the company warned “other VPN providers may be vulnerable to this attack as we could not possibly test all.”
The vulnerability could be used to unmask people who are using BitTorrent clients to download content, wrote Darren Martyn, a security enthusiast and penetration tester, on his blog.
The BitTorrent protocol is used by client programs such as uTorrent to download content distributed among many users across the Internet. The entertainment industry has waged legal battles aimed at stopping the sharing of copyrighted content on file-sharing services.
To make it harder for their computer’s real IP address to be identified, those downloading content often use VPNs. In theory, it makes their computers harder to link back to an ISP, depending on how a VPN provider responds to legal requests.
Martyn outlined how the entertainment industry could use the flaw to identify computers downloading protected content in a section described on his blog as “How to be evil.”
“I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute torrent users in the future, so it’s probably best to double check that the VPN provider you are using does not suffer this vulnerability,” he wrote.