• ✨Always Use Forum Private Messages PM For Deal With Vendors✨

    Admin Contacts Jabber: megiddo@jabber.sk Telegram: @Megiddo1

Popular Vpns Put Users At Risk Of Cyber Attacks

✨ Megiddo

✨ President ✨
Staff member
Joined
May 15, 2016
Messages
5,158
Likes
2,576
Points
1,730
VPN services contained vulnerabilities that allowed to intercept the connection and send fake updates.

32c13352f6c4bf4083fb7a3a230ab355.jpg


Security researchers at VPNpro analyzed the 20 most popular VPN services and found that two of them contain vulnerabilities that attackers could exploit to intercept a connection in order to send fake updates and install malware or steal user data.

PrivateVPN, Betternet, TorGuard and CyberGhost allowed connection interception, but only PrivateVPN and Betternet allowed attackers to send fake updates. PrivateVPN automatically installed the update, and Betternet only offered the user to do this.

According to experts, the offender could, using a MitM attack, take control of the target user's VPN connection and send a fake software update. In the most likely scenarios, the attacker could trick the victim into connecting to a malicious Wi-Fi network in a public place or by any means gaining access to the target router.

Fake software updates could lead to the installation of malware on the victim’s device, including ransomware, infostiller or cryptocurrency miners.

The experts informed the PrivateVPN and Betternet teams about their findings in mid-February, and they released fixes for these vulnerabilities.
__________________
 
Top Bottom