Just recently, a security issue on VPNs was revealed. The flaw was described as “a simple port forwarding trick” discovered by the researchers of a certain VPN service provider. It’s a bug that could enable hackers to expose the real IP address of a victim, which could pose a huge security risk for VPN users.
It is a serious vulnerability affecting VPN service providers with port-forwarding services, also called the “Port Fail.”
“We have discovered a vulnerability in a number of providers that allows an attacker to expose the real IP address of a victim,” explains the company who revealed the said security flaw. “Port Fail” affects VPN service providers that offer port forwarding and have no protection against this specific attack.” The flaw affects all VPN protocols across any operating system.
According to the report from BGR.com, as long as an attacker and a regular VPN user employ the same service, the trick can be exploited. The IP address of the victim can be discovered by forwarding traffic on a particular port.
The attacker needs to meet the following requirements to be able to do the trick:
- Has an active account at the same VPN provider as the victim
- Knows victim’s VPN exit IP address (can be obtained by various means, e.g. IRC or torrent client or by making the victim visit a website under the attacker’s control)
- The attacker sets up port forwarding. It makes no difference whether the victim has port forwarding activated or not.
FrootVPN is not affected by this recent security flaw as incoming traffic to the VPN endpoint of users is never allowed, ensuring the highest security possible.
The people behind this best VPN service are all aware of the said vulnerability long time before the news came out, so they’ve kept the service ultra secure, truly living up to its name.
As additional security, FrootVPN offers no NAT (stands for Network Address Translation), a router feature. Port forwarding, the feature commonly found on VPN service providers which is vulnerable to the security flaw, is an application of NAT. The VPN service of FrootVPN wants to ensure that there will be no third-party intervention in any way, to provide complete security and anonymity to all its satisfied users.