Critical Security Flaws Found in Popular VPN Apps
What’s the first thought that comes to your mind when you think about a VPN connection? A secure connection that protects your browsing activities from unwanted eyes. But what if this secure connection is exposed to online threats. Sounds terrifying right!
As per the recent research, cyber experts have identified critical vulnerabilities in some of the popular and reliable VPN apps. It is found that some of the VPN connections consist of security loopholes and can allow hackers to spread PC threats including ransomware and malicious updates.
Security Vulnerabilities Are Found in Following VPN Servers:
- Betternet and PrivateVPN: These applications were able to download counterfeit software updates which are then used to fool users to install keyloggers and other malware. An infected system then becomes a ready base for cybercriminals to steal user data and information.
- CyberGhost, Torguard, and Hotspot Shield: These VPN apps were found safe, security experts stated that they were only able to access the communication between two machines one being the infected system and the other was the update endpoint.
Torguard in its counter statement stated that the allegations are completely baseless and only aim at misleading the end-users.
“Interception of TorGuard VPN is not possible as per the mail. According to the mail, the VPN in question uses authentic certificates instead of the false ones. The platform would not accept anything that is a fake certificate. The updates can definitely be visualized through the firewalls used but there is nothing that anyone can do about it. The statement which declares the vulnerability of the Firewall was actually argued to be completely misleading”.
Earlier in February 2020, security experts had notified PrivateVPN and Betternet about the security loopholes which were later on patched with appropriate updates. VPN pro in one of its statements quoted that “rather than keeping users security as their main focus PrivateVPN and Betternet overlooked and ignored the vulnerabilities that could expose users confidential data”.
Read More: Symlink Security Bug Detected in 28 Antivirus Apps
More About the Vulnerable VPN Apps
Security experts have made serious allegations on both PrivateVPN and BetterNet, they said that:
- The loopholes in PrivateVPN were beyond acceptable limits, as it not only allowed downloading of malicious updates and apps but also failed in sending update notifications to its users.
- On the other hand, Betternet did allow the installation of infected apps but it did notify the users to update their desktop applications.
They further stated that once the system is infected cybercriminals can easily exploit it. They can use it to install malicious malware, steal private and confidential information of the users, perform illegal activities, install ransomware, and also make unauthorized payments without users’ consent.
The research was carried out on other popular VPN apps including TunnelBear, SurfShark, IPVanish, ExpressVPN, HMA, PureVPN, TurboVPN, Hola VPN, Ivacy, Windscribe, PIA, and Hide.me. Thankfully these connections were found free from any malicious malware and vulnerabilities. VPNPro further quoted that, multiple attempts were made to bypass the security walls of the said connection but could not get through.
Experts have advised that users should avoid downloading applications and software updates while they are connected to a public or free Wi-Fi network. They also advise that users should be highly vigilant and practice extra safety while using public networks.