What is my local IP Address?
How does this detection work?
One of the new additions to some modern browsers is WebRTC.
WebRTC is an API which is geared at enabling real-time in-browser communications without the need for extra plugins - think: "in-browser video chat without extra plugins". It holds a lot of potential for the future of online communication and is an exciting development.
A developer, Nathan Vander Wilt has discovered a way to make the WebRTC API divulge your machine's local IP address (or addresses; if you have more than one; for example if your laptop is plugged into ethernet but also has a wireless connection).
Is it something I need to worry about?
On one hand, it might be handy for your tech support team to know what the internal IP address of your workstation is (especially if they're working remotely and need to help you by logging on to your computer). And I guess it's also pretty cool because until recently, all it was possible to do was detect your external IP address.
However it is just one more bit of information that used to be private which can now be obtained about you and your computer. So attackers who are trying to analyze you and your set up have another way of getting more information about you.
Most startlingly, this technique can not only be used to get your IP address, but can be turned into a sort of "nmap" like tool; to scan your entire internal network. This is particularly troubling for businesses and universities. It means that if you visit a malicious website, you could inadvertently leak details such as the internal network structure to attackers.
A revealing example of this is shown here, by Einar Otto Stangvik.
He also includes a more detailed write up on the considerations and concerns about this API.
It is possible to diable WebRTC in some web browsers. One day we'll have a guide about how to do this.
If you have any more questions, use the contact form and we'll answer it and add your question here.