6 min read

The following news story was reported by the Nine Network just a week after New Year’s Day: an English teacher from Sydney was surprised when she found that her Facebook account was changing in strange ways.

Jennifer Howell first noticed that her profile photo had changed, thus prompting her to change her password; however, she was abruptly logged out and locked out of her account upon attempting to do so.

Later, she noticed that her profile had been hijacked by someone from the Middle East for the purpose of spreading radical propaganda.

Nine Network journalists tracked down another Facebook user in Melbourne whose account had been similarly hijacked by hackers in the Middle East, and the goal was essentially the same. Even though both cases were reported to the Australian Cybercrime Online Reporting Network, nothing could be done about the hijacking, which may have been facilitated by password sniffing over unsecured connections.

The Need for VPN ProtectionPackt1_vpn

[Image courtesy of CNET.com]

Seeing such worrisome reports about hacking is prompting many people to use virtual private networking (VPN) technology to secure their internet connections; however, these connections must be checked for potential leaks or they could be a waste of money.

In essence, VPN connections protect online privacy by creating a secure tunnel between the client (who typically uses a personal computing device to connect to the internet) and the internet.

A reliable VPN connection masks the user’s geographical location by means of providing a different internet protocol (IP) address, which is the calling card of every online connection. Moreover, these connections encrypt data transmitted during sessions and provide a form of anonymous browsing.

Like with almost all internet tools, VPN connections can also be subjected to certain vulnerabilities that weaken their reliability. Data leaks are a concern amongst information security researchers who focus on VPN technology, and they have identified the following issues:

WebRTC Leaks

Web Real-Time Communication (WebRTC) is an evolution of the Voice over Internet Protocol (VoIP) for online communications. VoIP is the technology that powers popular mobile apps such as Skype and WhatsApp; it has also replaced the legacy PBX telephone systems at many businesses.

Let’s say a company is looking to hire a new personnel. With WebRTC enabled on their end, they can direct applicants to a website they can access on their desktop, laptop, tablet, or smartphone to conduct job interviews without having to install Skype. The problem with WebRTC is that it can leak the IP address of users even when a VPN connection is established.

DNS Hijacking

The hijacking of domain name system (DNS) servers is an old malicious hacking strategy that has been appropriated by authoritarian regimes to enact internet censorship. The biggest DNS hijacking operation in the world is conducted by Chinese telecom regulators through the Great Firewall, which restricts access to certain websites and internet services.

DNS hijacking is a broad name for a series of attacks on DNS servers, a common one involves taking over a router, server or even an internet connection for the purpose of redirecting traffic.

In other words, hackers can impersonate websites, so that when you intend to check ABC News you will instead be directed to a page that resembles it, but in reality has been coded to steal passwords, compromise your identity or install malware. Some attacks are even more sophisticated than others.

There is a connection between WebRTC and DNS hijacking: a malware attack known as DNS changer that can be injected into a system by means of JavaScript execution followed by a WebRTC call that you will not be aware of.

This call can be used to determine your IP address even if you have connected through a VPN. This attack may be enhanced by a change of your DNS settings for the purpose of enlisting your computer or mobile device into a botnet to distribute spam, launch denial-of-service attacks or simply hijack your system without your knowledge.

Testing for Leaks

Packt2_webrtcleak

[Image courtesy of HowToGeek.com]

In addition to WebRTC leaks and DNS queries, there are a few other ways your VPN can betray you: public IP address, torrents, and geolocation. The easiest way to assess if you’ve got a leakage is to visit IPLeak.net with your VPN turned off.

Let this nifty site work its magic and make note of the information it offers. Leave the site, then turn your VPN on, and repeat the tests.

Now compare the results.

The torrents and geolocation tests are interesting but probably not as useful or as likely a culprit as the DNS. Your device navigates the internet by communicating with DNS servers that translate web URLs into numeric IP addresses. Most of the time, you’ll have defaulted through your ISP servers, which often leak like cheesecloth.

The bad news is that, even with a VPN in place, leakage through your local servers can give up your physical location to spying eyes. To combat this, VPN services route their customers through servers separate from their ISP. Now that you’ve proven your data is leaking, what can you do about it?

Preventing Leaks and Choosing the Right VPN

Something you can do even before installing a VPN solution is to disable WebRTC in your browser. Some developers have already made this a default configuration, but many still ship with this option enabled.

If you search for “WebRTC” within the help file of your browser, you may be able to find instructions on how to modify the flags or .config file. However, proceed with caution. Take the time to read and understand reliable guides such as this one from security researcher Paolo Stagno.

Here are other preventative measures:

  • When configuring your VPN, go with the servers it suggests, which will likely not be those of your ISP but rather servers maintained by the VPN company. Not all VPN companies have their own servers, so be aware of that when considering your options. 
  • Be aware that the internet is transitioning its IP address naming system from IPv4 to IPv6. Without diving too deep into this topic, just be aware that if your VPN has not upgraded its protocols, then any site with a new IPv6 address will leak. Look for a VPN service compatible with the new format. 
  • Make sure your VPN uses the newest version of the OpenVPN protocol. 
  • Windows 10 has an almost impossible to change default setting that chooses the fastest DNS server, resulting in the chance it might ignore your VPN server and revert back to the ISP. The OpenVPN plugin is a good way to fight this.

Final Thoughts

In the end, using a leaky VPN defeats the security purpose of tunneled connections. It is certainly worth your while to evaluate VPN products, read their guides and learn to secure your system against accidental leaks.

Keep in mind this is not a ‘set it and forget it’ problem. You should check for leakage periodically to make sure nothing has changed with your system. The winds of change blow constantly online and what worked yesterday might not work tomorrow.

As a final suggestion, make sure the VPN you use has a kill-switch feature that breaks your connection in the event it detects a data leak.

Author Bio

Gary Stevens is a front-end developer. He’s a full-time blockchain geek and a volunteer working for the Ethereum foundation as well as an active Github contributor.

Read Next

Dark Web Phishing Kits: Cheap, plentiful and ready to trick you

How to stop hackers from messing with your home network (IoT)

Privacy Australia – can you be tracked if you use a VPN?

What you need to know about VPNFilter Malware Attack