Critical vulnerabilities in three popular VPN services

April 3, 2018 Sin comentarios

Critical vulnerabilities discovered in three popular VPN services that could leak users' real IP addresses and other sensitive data.

VPN, o Virtual private network, is an excellent way to protect your daily online activities by encrypting your data and increasing security, in addition to being useful for hiding your real IP address. While some choose VPN services for online anonymity and data security, one of the main reasons many people use VPNs is to hide their real IP addresses and bypass online censorship to access websites blocked by their ISPs (Internet providers).

¿Pero qué ocurre si la VPN que crees que protege tu privacidad está filtrando tus datos confidenciales y tu ubicación real?

Un equipo de tres hackers éticos contratados por la firma defensora de privacidad VPN Mentor reveló que tres populares proveedores de servicios VPN: HotSpot Shield, PureVPN y Zenmate, con millones de clientes en todo el mundo, eran vulnerables a fallas que podrían comprometer la privacidad del usuario.

El equipo incluye al investigador de seguridad de aplicaciones Paulos Yibelo, un hacker ético conocido por su alias ‘File Descriptor’ y trabaja para Cure53,la identidad de los otros investigadores no se ha revelado todavía.

PureVPN is the same company that a few months ago helped the FBI with the logs that led to the arrest of a man in Massachusetts in a cyberstalking case.

After a series of privacy tests on the three VPN services, the team discovered that they are leaking users' real IP addresses, which can be used to identify them and their real location.

Regarding the consequences for end users, VPN Mentor explains that the vulnerabilities could “allow governments, hostile organizations or individuals to identify a user's real IP address”.

The team found three separate vulnerabilities in AnchorFree's HotSpot Shield, which have been fixed by the company.

It should be noted that the three vulnerabilities were in the free Chrome extension of HotSpot Shield, not in the desktop or smartphone applications.

Researchers also reported similar vulnerabilities in the Chrome extensions of Zenmate and PureVPN, but for now, the details of the bugs are being kept secret since the manufacturers have not yet fixed them.

Leave a Reply Cancel reply

More news

A cybercriminal manages to use AI to steal data from the Mexican Government

Intec creates an AI that redefines the rules of the game in cybersecurity in the AI era.

Una exfiltración de datos afecta a un proveedor de Adidas

Se incrementan un 26% los incidentes de ciberseguridad

Un ciberataque paraliza en Roma la Universidad La Sapienza

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others