Many big VPNs have glaring security problems

A new study from the Sapienza University of Rome and Queen Mary University of London has found that a large number of commercial virtual private network (VPN) providers use systems that are wide open to attack. The researchers say that external actors could view the browsing history and other Internet traffic of people using these VPN services without much difficulty.

Of the 16 services considered as part of the study, only one was protected from DNS hijacking. However, even that one fell down when it came to IPv6 leaks, along with 13 of the other VPN companies.

To make matters worse, over half of the services looked into used the Point-to-Point Tunneling Protocol (PPTP) with MS-CHAPv2 authentication, which, as TechReport points out, makes them vulnerable to brute-force attacks.

These revelations are problematic for the VPN industry, and specifically for the companies named and shamed, as their whole job is to obfuscate a user’s Internet traffic. If that traffic is as visible when using a VPN as without one, then it’s technically worse to use one of these services, since those hoping to infiltrate their servers know that the person behind the traffic doesn’t want to be found.

This is also sad news for those who were hoping to hide their traffic from an overintrusive government. While some VPN providers would be unlikely to work directly with the authorities of any nation, the NSA and GCHQ have shown a penchant for hacking and the use of malware to garner information, so it wouldn’t be surprising to learn that some of these VPNs have been infiltrated by government organizations.

Do any of you use these VPN services? If so, do you plan to continue doing so after these revelations?

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…