VPN services contained vulnerabilities that allowed attackers to intercept the connection and send fake updates.
Security researchers at VPNpro analyzed the 20 most popular VPN services and found that two of them contain vulnerabilities that attackers could exploit to intercept a connection in order to send fake updates and install malware or steal user data.
PrivateVPN, Betternet, TorGuard and CyberGhost allowed connection interception, but only PrivateVPN and Betternet allowed attackers to send fake updates. PrivateVPN automatically installed the update, and Betternet only prompted the user to install it.
According to experts, the offender could, using a MitM attack, take control of the target user's VPN connection and send a fake software update. In the most likely scenarios, the attacker could trick the victim into connecting to a malicious Wi-Fi network in a public place or gain access to the target router by any means.
Fake software updates could lead to the installation of malware on the victim’s device, including ransomware, infostealers or cryptocurrency miners.
The experts informed the PrivateVPN and Betternet teams about their findings in mid-February, and they released fixes for these vulnerabilities.