Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
VPNMentor found that three popular VPN services leaked data about specific users that could be used to identify them. In particular, we are talking about services Hotspot Shield, Zenmate and PureVPN.
A VPN or virtual private network allows you to view traffic through other servers, making it difficult to identify the user. VPNs are popular in some parts of the world where internet access is restricted or censored. Often, traffic is encrypted in such a way that ISPs and even VPN services themselves do not have access to it.
However, during the study, vulnerabilities were discovered in the services that can lead to leakage of real IP addresses and, in some cases, make it possible to identify individual users and determine their location.
In the case of Hotspot Shield, three vulnerabilities were found in an extension for the Chrome browser, namely in the mechanism for processing automatic configuration scripts using a proxy server. The problems allow you to identify the IP addresses of users and the DNS addresses.
Another vulnerability could allow an attacker to intercept and redirect web traffic to a proxy server, tricking the user into clicking a malicious link.
Currently, Hotspot Shield developer AnchorFree has already fixed the issues, noting that they only affect the browser extension.
Researchers have also reported similar issues with Zenmate and PureVPN. PureVPN said the company has already fixed vulnerabilities in the service. Zenmate representatives did not comment on the situation in any way.
A VPN or virtual private network allows you to view traffic through other servers, making it difficult to identify the user. VPNs are popular in some parts of the world where internet access is restricted or censored. Often, traffic is encrypted in such a way that ISPs and even VPN services themselves do not have access to it.
However, during the study, vulnerabilities were discovered in the services that can lead to leakage of real IP addresses and, in some cases, make it possible to identify individual users and determine their location.
In the case of Hotspot Shield, three vulnerabilities were found in an extension for the Chrome browser, namely in the mechanism for processing automatic configuration scripts using a proxy server. The problems allow you to identify the IP addresses of users and the DNS addresses.
Another vulnerability could allow an attacker to intercept and redirect web traffic to a proxy server, tricking the user into clicking a malicious link.
Currently, Hotspot Shield developer AnchorFree has already fixed the issues, noting that they only affect the browser extension.
Researchers have also reported similar issues with Zenmate and PureVPN. PureVPN said the company has already fixed vulnerabilities in the service. Zenmate representatives did not comment on the situation in any way.
