Now Virtual private network (VPN) and proxy users need to be
more careful in order to protect their accounts as new serious security issues
has now come into existence. The threat allows websites to see local home IP
addresses the massive flaw comes in by way of WebRTC (Web RTC, Web Real-Time
Communication) and the browsers that support this communications protocol.
What is Web RTC?
WebRTC is ultimately the technology that simplifies an
incorporation of real-time communications into a web browser. It is an open-sourced
protocol that supports browser-to-browser apps for voice calling, video chat,
and file sharing. It’s a widely supported plugin and used amongst popular
Internet browsers, most notably Google Chrome and Mozilla Firefox.
How are IP addresses leaking?
In this WebRTC security issue, a website can use a simple
script to access IP address information from STUN (Session Traversal Utilities
for NAT) servers. These STUN servers are actually those servers that are
regularly employed by VPNs and through a protocol called NAT (Network Address
Translation) it translate a local home IP
address to a new public IP address and vice-versa. So to do this at the time of
connectivity the STUN server maintains a table of your VPN-based public IP and
your local one. The local and public IP addresses of the user can easily be
fetched from these requests with JavaScript. Wireless routers also replicate
the same function in translating private IP addresses to public and back.
A researcher from San Francisco, Daniel Roesler, better
illustrate just how the Web RTC vulnerability works. The STUN server sends a
ping back that contains the IP address and port of the client. Roesler
initially claimed that browser plugins cannot block the vulnerability, but actually,
there are several easy fixes available to patch the security hole and remove
this flaw.
Who is affected and how can the security hole be fixed?
Both Windows and Macintosh users are equally at risk but
Default browsers Internet Explorer and Safari are actually safe with this. Firefox
and Chrome users on the other hand have a problem to fix.
If you are a Mozilla Firefox user then:
Download NoScript from Firefox Add-Ons or type about:config
in the address bar and setting ‘media.peerconnection.enabled‘ to ‘False.’
If you are Google Chrome users then:
Either install a plugin such as WebRTC Block or ScriptSafe.,
or enter chrome://flags/ into the address bar and enable ‘Disable WebRTC device
enumeration.’
Alternatively, those who all are using the affected browsers
can setup a wireless home router to connect to their VPN service directly. This
removes the likelihood of a software-based flaw from exposing any information
about the user.
If you are
really caught into such situation or get infected with such program,
then you need to uninstall it as soon as possible using the “Add or Remove
Programs” feature in Windows. If by doing this you are still unable to fix out
this problem then you can use spyhunter Removal Tool, a free software to scan
and fix any unwanted or junk software.