Warning – 3 Popular VPN Services Are Leaking Your IP Address

Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data.

A VPN, or Virtual Private Network, is a great way to protect your daily online activities: it works by encrypting your data and boosting security, and it is also useful for obscuring your actual IP address.

While some choose VPN services for online anonymity and data security, one major reason many people use a VPN is to hide their real IP addresses to bypass online censorship and access websites that are blocked by their ISPs.

But what if the VPN you thought was protecting your privacy is actually leaking your sensitive data and real location?

A team of three ethical hackers hired by privacy advocate firm VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate—with millions of customers worldwide were found vulnerable to flaws that could compromise users' privacy.

The team includes application security researcher Paulos Yibelo and an ethical hacker known by his alias 'File Descriptor', who works for Cure53; the identity of the third member has not been revealed, on request.

PureVPN is the same company that lied about having a 'no log' policy but, a few months ago, helped the FBI with logs that led to the arrest of a Massachusetts man in a cyberstalking case.

After a series of privacy tests on the three VPN services, the team found that all three VPN services are leaking their users' real IP addresses, which can be used to identify individual users and their actual location.

Concerning consequences for end users, VPN Mentor explains that the vulnerabilities could "allow governments, hostile organizations [sic], or individuals to identify the actual IP address of a user, even with the use of the VPNs."

The issues in ZenMate and PureVPN have not been disclosed since they have not yet been patched, while VPN Mentor says the issues discovered in ZenMate VPN were less severe than those in HotSpot Shield and PureVPN.

The team found three separate vulnerabilities in AnchorFree's HotSpot Shield, which have been fixed by the company. Here's the list:
  • Hijack all traffic (CVE-2018-7879) — This vulnerability resided in Hotspot Shield's Chrome extension and could have allowed remote hackers to hijack and redirect a victim's web traffic to a malicious site.
  • DNS leak (CVE-2018-7878) — A DNS leak flaw in Hotspot Shield exposed users' original IP address to the DNS server, allowing ISPs to monitor and record their online activities.
  • Real IP Address leak (CVE-2018-7880) — This flaw poses a privacy threat to users since hackers can track a user's real location and ISP. The issue occurred because the extension had a loose whitelist for "direct connection." Researchers found that any domain with localhost, e.g., localhost.foo.bar.com, and 'type=a1fproxyspeedtest' in the URL bypasses the proxy and leaks the real IP address.

It must be noted here that all three vulnerabilities were in HotSpot Shield's free Chrome plug-in, not in the desktop or smartphone apps.
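
The loose "direct connection" whitelist behind CVE-2018-7880, sketched as an added example that is not the extension's actual code or part of the original article: a substring-matching routing function beside an exact-match one, with a check that lists the URLs the loose rule would let skip the proxy. The function names, proxy endpoint and sample URLs are constructed for illustration.

```javascript
// Illustrative PAC-style routing logic; names and the proxy endpoint are
// assumptions for this example, not the extension's real code.
const PROXY = "HTTPS proxy.example.invalid:443"; // constructed placeholder

// Loose form: substring checks anywhere in the host or URL, so
// "localhost.foo.bar.com" and any URL carrying the marker go DIRECT.
function looseRoute(url, host) {
  if (host.indexOf("localhost") !== -1) return "DIRECT";
  if (url.indexOf("type=a1fproxyspeedtest") !== -1) return "DIRECT";
  return PROXY;
}

// Hardened form: exact loopback names only, compared after normalisation,
// and no bypass keyed on URL content that a remote page controls.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

function strictRoute(url) {
  let host;
  try {
    // Lower-cased by the URL parser; strip a trailing root dot.
    host = new URL(url).hostname.replace(/\.$/, "");
  } catch (e) {
    return PROXY; // unparseable input fails closed, through the tunnel
  }
  return LOOPBACK_HOSTS.has(host) ? "DIRECT" : PROXY;
}

// Regression check: URLs the loose rule sends DIRECT although the strict
// rule keeps them inside the tunnel.
function findBypasses(urls) {
  return urls.filter((u) => {
    const host = new URL(u).hostname;
    return looseRoute(u, host) === "DIRECT" && strictRoute(u) !== "DIRECT";
  });
}

// Constructed sample URLs.
const SAMPLES = [
  "http://localhost:8080/admin",
  "http://localhost.foo.bar.com/pixel.gif",
  "https://tracker.example/ip?type=a1fproxyspeedtest",
  "https://news.example/article",
];

console.log(findBypasses(SAMPLES));
```

Running the same comparison against an extension's real bypass rules in a test suite catches a whitelist that matches on substrings before it ships.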

The researchers also reported similar vulnerabilities in the Chrome plugins of Zenmate and PureVPN, but for now, the details of the bugs are being kept under wraps since neither manufacturer has fixed them yet.

Researchers believe that most other VPN services also suffer from similar issues.
