PIA client v66 - Possible security vulnerability, and function issue
Hi,
Long time user of PIA, never bothered to join the forum before now but did so to explore a few issues that a friend of mine asked me to check out this morning. He said he had already reported this to PIA, and believes it to be both a function type issue and a security issue with PIA client v 66 usage.
Here goes. If anyone wants to check and verify, that would be nice, so thank you for your time. If you other PIA users could, please check the following:
Check under the following Conditions:
A. Using v66 of the PIA client.
B. DNS Leak Protection is unchecked in the PIA client settings
C. Windows 10 Pro (I'm using Windows 10 Pro, upgraded from Windows 7 Ultimate, but Windows 10 Home users give it a try also)
D. IPv6 is unchecked in connections adapters (Settings > Network & Internet > Status > Network & Sharing Center)
E. Use the default PIA DNS servers. If not set to 'Obtain DNS Server Address Automatically' in the IPv4 properties of the connections then select 'Obtain DNS Server Address Automatically' and apply the setting.
After ensuring the above conditions...
Procedure:
1. Shut down any browsers or other client type things (torrent things, message apps, skype, etc...)
2. Ensure the items to be unchecked above are actually unchecked
3. Using the PIA client connect to a gateway.
4. After connecting to a gateway, ensure you can browse to a site. Any site will do. Then close browser.
5. Open up an admin command prompt and enter:
nslookup www.google.com (note: you can put in any site here for the nslookup)
6. Look at the output and see if your real ISP DNS server is showing in the address field and the nslookup times out.
7. Repeat the nslookup with any other site you choose. Check the address field with each one for your real ISP DNS server address and whether the nslookup times out.
8. Repeat all the above with DNS Leak Protection selected in the PIA client app.
Issues:
A. It's possible for a malicious, or not so malicious, web site to run something on your system without you knowing it via any number of things (for example, a 'flash' or java based launcher disguised as something else) and read the output or send it to a site somewhere. It could be nslookup if they detect you are using a VPN or just want to do so. If nslookup is run under these conditions by a malicious (or not so malicious) web site entity, your real ISP DNS server will be exposed and your real ISP will be known. Please note also that some applications also use an nslookup in the background at times and if they do under these conditions they will also know your real ISP even though you are using the PIA VPN at the time (if they call home).
B. nslookups should work properly; they don't. Every nslookup times out.
That's it, please post back with the results.
Thank you for your time and patience.
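An added example, not part of the original post: one way to score the nslookup output from steps 5 to 8 automatically, reporting which resolver answered, whether it is one the VPN is expected to use, and whether the query timed out. The sample outputs are constructed, and the expected resolver range is a placeholder assumption (documentation addresses), not PIA's actual DNS servers.

```python
import ipaddress
import re

# Constructed samples in the Windows nslookup layout. Every address is from
# the RFC 5737 documentation ranges, not a real resolver.
LEAK_SAMPLE = """\
Server:  UnKnown
Address:  192.0.2.1

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
"""

OK_SAMPLE = """\
Server:  resolver.vpn.example
Address:  198.51.100.53

Non-authoritative answer:
Name:    www.example.com
Address:  203.0.113.10
"""

# Assumption: the resolver range the VPN client should push (placeholder).
EXPECTED_VPN_RESOLVERS = [ipaddress.ip_network("198.51.100.0/24")]


def check_nslookup(output, expected=EXPECTED_VPN_RESOLVERS):
    """Return (resolver_ip, resolver_is_expected, timed_out) for one run."""
    # The first "Address:" line is the resolver header, printed before any answer.
    m = re.search(r"^Address:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no resolver Address line found")
    # Unix nslookup appends "#53" to the resolver address; strip it if present.
    resolver = ipaddress.ip_address(m.group(1).split("#")[0])
    is_expected = any(resolver in net for net in expected)
    lowered = output.lower()
    timed_out = "timed out" in lowered or "timed-out" in lowered
    return str(resolver), is_expected, timed_out


if __name__ == "__main__":
    for name, sample in (("leak", LEAK_SAMPLE), ("ok", OK_SAMPLE)):
        ip, is_expected, timed_out = check_nslookup(sample)
        verdict = "expected resolver" if is_expected else "UNEXPECTED resolver"
        print(f"{name}: {ip} -> {verdict}, timed_out={timed_out}")
```

To use it on a live system, capture the output of the nslookup command from step 5 to a file and pass its contents to `check_nslookup`, with the expected range set to the resolvers your VPN actually assigns.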

Comments
Just a tip for anyone reading: if you press quote on the original post you can see it properly formatted.
Looks like it needs HTML formatting; BBCode is no longer working.