
Proxy service seems to be unintentionally leaked to the external mobile network (version 41)

brlin-tw opened this issue (3 comments)

I noticed that the following screenshot contains client IP addresses that are not from the Wi-Fi network interface:

[Screenshot: Screenshot_20240502-173715]

This is quite concerning as malicious actors on the mobile ISP network may use the proxy service for malicious activities, or infiltrate the device via the service's vulnerabilities.

I have not enabled the "Bind Proxy to All Interface" option in the app settings (which is not toggleable anyway in version 41).

brlin-tw · May 02 '24 09:05

How odd.

Given that the hotspot runs on a subnet that is different from the RFC and USB tethering space, those IP addresses should not be showing at all.

You can toggle the switch off to disable the network traffic for those addresses, and in the future I can make the proxy drop connections to anything that is not in the same shared 192.168.49 space.

pyamsoft · May 02 '24 14:05

> You can toggle the switch off to disable the network traffic for those addresses

It is already off when the issue is reproduced, though as of now this is the only time I have noticed this symptom.

brlin-tw · May 03 '24 20:05

The next version, 42, will reject connections from any device that is outside of the owning subnet. Basically, anything that is not 192.168.49.XXX in your screenshot above would be rejected by the proxy.

pyamsoft · May 03 '24 20:05
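The fix the maintainer describes is a peer-address check at accept time: a listener that ends up reachable from the mobile interface (the failure the screenshot shows) still refuses to serve any client whose address is not in the hotspot's 192.168.49.0/24 range. The example below is an added illustration, not TetherFi's own code or a description of its implementation; the subnet, the helper names (`is_peer_allowed`, `run_loopback_demo`) and the loopback demo are constructed for this example. It handles two edge cases a real implementation must get right: dual-stack sockets report IPv4 peers as IPv4-mapped IPv6 addresses (`::ffff:192.168.49.10`), and an unparseable address must fail closed. The stronger first line of defense is still to bind the listener to the hotspot interface's own address rather than to all interfaces, with this filter as defense in depth.

```python
import ipaddress
import socket
import threading

# Constructed for this example: the hotspot subnet discussed in the issue.
HOTSPOT_NETWORK = ipaddress.ip_network("192.168.49.0/24")


def is_peer_allowed(peer_ip: str, allowed: ipaddress.IPv4Network = HOTSPOT_NETWORK) -> bool:
    """Return True only if peer_ip lies inside the owning hotspot subnet.

    Unwraps IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) that dual-stack
    sockets hand back, and rejects anything that fails to parse or is
    plain IPv6: the check fails closed.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if not isinstance(addr, ipaddress.IPv4Address):
        return False
    return addr in allowed


def run_loopback_demo(allowed: ipaddress.IPv4Network) -> list[tuple[str, bool]]:
    """Bind a listener on 127.0.0.1, connect to it once, and record the
    accept/reject decision the listener made for that peer.

    Rejected peers are closed immediately without being served; accepted
    peers receive a greeting line. Returns [(peer_ip, allowed?)].
    """
    decisions: list[tuple[str, bool]] = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]

    def accept_one() -> None:
        conn, (peer_ip, _port) = listener.accept()
        with conn:
            ok = is_peer_allowed(peer_ip, allowed)
            decisions.append((peer_ip, ok))
            if not ok:
                return  # drop the connection without serving anything
            conn.sendall(b"proxy ready\n")

    worker = threading.Thread(target=accept_one)
    worker.start()
    with socket.create_connection(("127.0.0.1", port)) as client:
        client.recv(64)  # greeting if accepted, b"" if we were dropped
    worker.join()
    listener.close()
    return decisions


if __name__ == "__main__":
    # A loopback peer is outside 192.168.49.0/24, so it is rejected ...
    print(run_loopback_demo(HOTSPOT_NETWORK))
    # ... and accepted only when the allowed network covers it.
    print(run_loopback_demo(ipaddress.ip_network("127.0.0.0/8")))
```

The decision is made once per accepted connection, before any proxy bytes are read, so a client on the wrong interface learns nothing about the service beyond the fact that a TCP port is open.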

With the release of version 43, this bug should be fixed by rejecting any connection outside of 192.168.49.XXX.

Thank you for your contribution to the project!

pyamsoft · Jun 28 '24 04:06

Thanks for the work!

brlin-tw · Jun 28 '24 09:06