Well-known VPN networks like HotSpot Shield, Pure VPN and Zenmate, are leaking user’s information, VPN Mentor discovered this when they researched virtual private networks (VPN). Sensitive data on millions of users are vulnerable, the privacy advocate network found.
VPN’s help users access websites blocked by their ISP’s, and hide a user’s identity, enhancing privacy and anonymity and circumventing censorship. It is especially dangerous for users when the tools they employ to protect them from surveillance end up assisting hackers to track your ISP address and identifying you. In this way, businesses can become vulnerable to malicious organizations planning to attack them with attempts at distributed denial of service (DDoS).
According to statements made on their blog post, VPN mentor employed three hackers to test HotSpot Shield, Pure VPN and Zenmate. The hackers found that all of these leaked IP addresses even when they were in use. This, they concluded, poses a massive security risk. The identity of two of the hackers is known for their online handles. They are File Descriptor and Paulos Yibelo. While all of the VPN’s are vulnerable in the Chrome Browser, desktop-and smartphone apps were unaffected.
HotSpot Shield exposed users to three weaknesses. The first, (CVE-2018-7879) enabled hackers to remotely execute code and could cause a reload of the system. The other two, (CVE-2018-7878 & CVE-2018-7880) exposed user’s IP addresses and DNS addresses, which users expressly attempt to hide by using the VPN.
HotSpot Shield quickly fixed the problems, something that VPN Mentor lauded publicly. Their commitment to the protection of their customers was clear to us, VPN Mentor co-founder, Ariel Hochstadt, explained. They saw the research we did as an opportunity for improvement rather than as criticism.
In the past year HotSpot Shield was caught violating user privacy themselves. They redirected users to advertising websites, kept activity logs and intercepted web traffic. The fast and efficient response of HotSpot Shield reported by VPN Mentor will, however, go a long way in salvaging their reputation.
Zenmate and PureVPN
Both Zenmate and Pure VPN exposed users to the same vulnerabilities as HotSpot Shield. Both leaked ISP addresses. Both of these companies, however, failed to react to the research findings, and could consequently not be informed of the specific nature of the loopholes in their product. Users are advised to pay attention to this and to contact the above VPN networks for updates.