Use a VPN? You could be leaking your real IP with WebRTC
I had this fixed awhile back but since I installed a new computer/os I forgot to change my settings. If you use firefox or chrome you can be affected by the WebRTC function, i’ll post the details below but basically any web master can craft script to show him your real ip, local ip, and vpn ip. Be sure to make sure you get this fixed, otherwise using a VPN is useless.
article from: https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html
An extremely critical vulnerability has recently been discovered in WebRTC (Web Real-Time Communication)
, an open-source standard that enables the browsers to make voice or video calls without needing any plug-ins.
Late last month, security researchers revealed a massive security flaw that enables website owner to easily see the real IP addresses of users through WebRTC, even if they are using a VPN or even PureVPN to mask their real IP addresses.
The security glitch affects WebRTC-supporting browsers such as Google Chrome and Mozilla Firefox, and appears to be limited to Windows operating system only, although users of Linux and Mac OS X are not affected by this vulnerability.
HOW DOES THE WebRTC FLAW WORKS
WebRTC allows requests to be made to STUN (Session Traversal Utilities for NAT) servers which return the “hidden” home IP-address as well as local network addresses for the system that is being used by the user.
CHECK YOURSELF NOW
published by developer Daniel Roesler on GitHub allows people to check if they are affected by the security glitch.
Also, you can go through the following steps in order to check if you’re affected:
- If your browser is secure, you should see something like this:
- If your browser is affected by this issue, you’ll see information about your true IP address in the WebRTC section.
HOW TO PROTECT YOURSELF
Luckily the critical security flaw is quite easy to fix.
For Chrome users :
Google Chrome and other Chromium-based browser users can install the WebRTC Block
extension or ScriptSafe
, which both reportedly block the vulnerability.
For Firefox Users :
. To fix, try the following steps:
- Type about:config in the browser’s address bar and hit enter.
- Confirm you will be careful if the prompt appears.
- Search for media.peerconnection.enabled.
- Double-click the preference to set it to false.
- This turns of WebRTC in Firefox.