× TECHNOLOGY
SOFTWARE NETWORKING CLOUD IT SERVICES MOBILE SECURITY STORAGE IOT DATA ANALYTICS CYBER SECURITY ORACLE SAP BIG DATA
BUSINESS
DIGITAL MARKETING ERP RETAIL HEALTHCARE TELECOM
MAGAZINE
CURRENT ISSUE ARCHIVE
OPINION ABOUT US CONTACT US CLIENT FEEDBACK

BitTorrent users face security threat from VPN Bug

bittorrent users face security threat from vpn bug

Most internet users around the world use BitTorrent services to download their favourite content such as movies, software, songs, games, etc. Copyrighted content has easily made their way in to torrent sites, earning the ire of their owners. Now, the owners have a chance to identify the culprits uploading their content through the torrent sites.

A bug affecting some VPN services can be used to figure out a computer's real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk. The vulnerability affects those services that allow port forwarding, according to VPN provider Perfect Privacy, which wrote about the issue on Thursday.

Users using bittorrent services via a VPN network are susceptible to the attack. A successful attack requires the attacker to be on the same VPN network as the victim, who also has to be lured into connecting to a resource controlled by the attacker. By tricking a victim into opening an image file, for example, an attacker who has port forwarding enabled on their account can see the request from the victim's real IP addresses.

"The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work," Perfect Privacy wrote. For the attack to work, the attacker must know the victim's VPN exit IP address, which Perfect Privacy suggested could be discovered by luring a victim to a website under their control. Perfect Privacy tested nine VPN providers before it went public with the flaw. Five were vulnerable, and those providers have been notified, it said. But the company warned "other VPN providers may be vulnerable to this attack as we could not possibly test all."

The vulnerability could be used to unmask people who are using BitTorrent clients to download content, wrote Darren Martyn, a security enthusiast and penetration tester, on his blog. The BitTorrent protocol is used by client programs such as uTorrent to download content distributed among many users across the Internet. The entertainment industry has waged legal battles aimed at stopping the sharing of copyrighted content on file-sharing services.

"I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute torrent users in the future, so it's probably best to double check that the VPN provider you are using does not suffer this vulnerability," he wrote.

MAGAZINES