Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2015-01-31 10:44:45

Tyler
Guest

Huge Security Flaw Leaks VPN Users’ Real IP-Addresses

VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.

The Snowden revelations have made it clear that online privacy is certainly not a given.

Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.

As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on.

Unfortunately, even the best VPN services can’t guarantee to be 100% secure. This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature.

With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.

The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.

https://diafygi.github.io/webrtc-ips/

Offline

#2 2015-02-13 14:19:23

EnOne
Guest

Re: Huge Security Flaw Leaks VPN Users’ Real IP-Addresses

link to a Lifehacker article going over this issue and how to disable WebRTC in Chrome and Firefox.

http://lifehacker.com/how-to-see-if-you … 1685180082

Offline

#3 2015-02-24 09:20:09

alok
Administrator

Re: Huge Security Flaw Leaks VPN Users’ Real IP-Addresses

Great posts & thanks!!  We're working on disabling webrtc by default / make it click-to-play essentially.  An update with this is coming soon.

Offline

#4 2019-12-13 22:11:38

alok_epicteam
Administrator

Re: Huge Security Flaw Leaks VPN Users’ Real IP-Addresses

Epic blocks such requests...so webrtc should work in Epic but without having the IP leak possibility.

Offline

Board footer