WebRTC Security Hole Leaks real IP addresses -
[Updated 8/24/2015]
Virtual Private Network (VPN ) and proxy users could face serious security problems if they do not take appropriate measures to protect their accounts. The threat allows websites to see the local IP addresses at home, but is a solution for IPVanish users. The massive failure comes through WebRTC ( Web RTC Web Real-Time Communication ) and browsers that support this communication protocol.
What Web RTC?
If you're not familiar with WebRTC, it is ultimately the technology that simplifies the integration of real-time communications in a web browser. WebRTC is an open source protocol that supports browser applications to browser for voice calls, video chat and file sharing. It is a widely supported plugin and used among the most popular Internet browsers, including Mozilla Firefox and Google Chrome.
How leaks IP addresses?
In this WebRTC security hole, a website can use a simple script to access the IP address information from STUN (Session Traversal Utilities for NAT) servers. These STUN servers are regularly used by VPN servers are used to translate a local address IP address of a new public IP address and vice versa thanks to a protocol called NAT (Network Address Translation). To do this, the STUN server maintains a table of your basic public IP-VPN and your local ( "true") during a connectivity. Local addresses and public IP of the user can be derived from these applications with JavaScript. Wireless routers in the home replicate a similar function in the translation of private IP addresses to the people and back.
A researcher from San Francisco, Daniel Roesler, posted a demonstration to better illustrate how the RTC web vulnerability works. The STUN server sends a ping back that contains the IP address and client port. Demo Roesler initially claimed that browser plug-ins can not block the vulnerability, but in reality, there are several easy solutions available to fix the security hole and mitigate this defect.
Who is affected and how can the security hole fixed?
Although existing reports are only Windows operating systems are affected, this is a browser issue. Both Windows and Macintosh users are also at risk. By default, Internet Explorer and Safari browsers are not affected by the fault WebRTC. Users of Firefox and Chrome on the other hand have a problem to solve.
Mozilla Firefox users can download NoScript Firefox Add-Ons or by typing about: config in the address bar and setting media.peerconnection.enabled "to" False.
Chrome Unfortunately, users are assigned to a point where there is not a complete protection. While the extension called WebRTC limiter Network was released during the summer of 2015 as a solution to this issue, there are some reports that there are still leaks in specific cases.
Alternately, those who use the affected browsers can set up a wireless home router to connect to their VPN service directly. This removes the likelihood of a software-based (in this case, a browser based) failure to show any information about the user.
0 Komentar