A new report from a security site recently revealed that it discovered critical vulnerabilities in some of the available VPNs today. These vulnerabilities could enable hackers to push fake updates, steal user data, and install malicious programs. But, there are ways on how this could be prevented.
Crucial VPN Vulnerabilities
A recent report from VPN Pro reveals that a couple of popular VPN services could have been hacked using a malicious software update. According to the report, users subscribing with PrivteVPN and Betternet could have been totally attacked with almost all kinds of malware before they even became aware of it. The report, however, clarified that both VPN services have already fixed these vulnerabilities.
The site claims that prior to the fix rolled out by Betternet and PrivateVPN, users' PC could have been infected through fake software updates that they downloaded. The attack called man In The Middle, allows the device to download fake software without realizing that it was downloading an update from a shady source. According to VPN Pro, "Rather than protect their users' data, PrivateVPN and Betternet [had] overlooked a crucial security aspect that allows for malicious actors to steal that data or do even worse actions."
Apart from the two named VPN services, VPN Pro also looked into the top 20 popular VPN services where it noted that 14 of which had no similar issues. However, it revealed that they were able to intercept client-server communications of six VPN services. The report named Hide.me and Hotspot Shield, but neither of these services were linked to the proof-of-concept malicious server discovered by VPN Pro.
Two of the four VPN services connected with the malicious server. These include TorGuard and CyberGhost. Fortunately, these services did not download the fake software update that VPN Pro placed on the server. But, PrivateVPN and Betternet, however, did.
According to the report, the client software of Betternet did not install the malicious update automatically. Instead, it prompted the user to install the update. With users always on the look it for the software update, there is a high chance that they clicked the prompt and installed the malicious software update. On the part of PrivateVPN, it automatically installed the malicious software update.
How To Avoid This Kind of Attack
According to VPN Pro, users must always make sure not to download any software updates from untrusted sources or when using an open WIFi network. These days, hackers could easily set up a malicious Wifi hotspot and give it an innocuous name. Further, to avoid this kind of attack, it is always safe to have the best antivirus programs on your PC.
