Most internet users around the world use BitTorrent services to download their favourite content such as movies, software, songs, games, etc. Copyrighted content has easily made their way in to torrent sites, earning the ire of their owners. Now, the owners have a chance to identify the culprits uploading their content through the torrent sites.
A bug affecting some VPN services can be used to figure out a computer's real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk. The vulnerability affects those services that allow port forwarding, according to VPN provider Perfect Privacy, which wrote about the issue on Thursday.
Users using bittorrent services via a VPN network are susceptible to the attack. A successful attack requires the attacker to be on the same VPN network as the victim, who also has to be lured into connecting to a resource controlled by the attacker. By tricking a victim into opening an image file, for example, an attacker who has port forwarding enabled on their account can see the request from the victim's real IP addresses.
"The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work," Perfect Privacy wrote. For the attack to work, the attacker must know the victim's VPN exit IP address, which Perfect Privacy suggested could be discovered by luring a victim to a website under their control. Perfect Privacy tested nine VPN providers before it went public with the flaw. Five were vulnerable, and those providers have been notified, it said. But the company warned "other VPN providers may be vulnerable to this attack as we could not possibly test all."
The vulnerability could be used to unmask people who are using BitTorrent clients to download content, wrote Darren Martyn, a security enthusiast and penetration tester, on his blog. The BitTorrent protocol is used by client programs such as uTorrent to download content distributed among many users across the Internet. The entertainment industry has waged legal battles aimed at stopping the sharing of copyrighted content on file-sharing services.
"I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute torrent users in the future, so it's probably best to double check that the VPN provider you are using does not suffer this vulnerability," he wrote.
Indian Users Can Now Make Payments via WhatsApp
Times Internet posts jump in revenue, reaches 557 million active users
China Launches a Global Data Security Initiative
Snapchat launches mental well-being feature for users in India
Reliance’s JioMeet is out of beta, available to all users
© 2021 CIO Bulletin. All rights reserved.