VPN: You may not be as secure as you think you are

by | Mar 22, 2020 | Facts

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 2 Minutes

Using a VPN is not 100% Secure. The reason is simple, still, security researchers, hackers, submit bug bounties, testing a lot of VPNs, by showing programming errors that cause leaks, monitoring user traffic, and lack privacy policies.

So by default, when you use VPN, depending on if it’s a free service or private, then definitely you need to question the privacy just how secure the supposedly encrypted pipe that you are using, through the internet, and whether the anonymity promise made by the VPN provider is indeed protecting your privacy.

Academics say they’ve discovered a whopping 13 programming errors in 61 separate VPN systems tested recently. The configuration bungles “allowed Internet traffic to travel outside the encrypted connection,” the researchers say. Surely they know about client certificate-based setups, and surely you know about replicating and extracting certificate information from leakage, and in combination with socially engineered orchestrated and advanced recon techniques.

Here is what happened

  •  Facebook, in 2013 Acquisition of VPN App maker Onavo, we saw what happened with the scandal.
  •  Google was also caught doing something similar by way of its Screenwise Meter App.
  •  App Annie also says its apps can continue to be used even if data sharing is turned off.

 

Third-Party Apps, API Keys, downloading apps from stores like Google or Apple, all these, you must understand that encryption is something, but the leakage of your data is another thing. Moreover, Man in the Middle Attacks can still work through most of the times, after gaining local network access through grabbing shell techniques. Hackers understand that.

See Also: So you want to be a hacker?
Offensive Security Courses

Academics say they’ve discovered a whopping 13 programming errors in 61 separate VPN systems tested recently. These problems are quite common in free VPN services. If you want safer internet browsing, avail premium VPN at VPN.Coupons with discounts up to 99%.

Conclusion

Even if you have a VPN, once data and information leave the VPN servers, they will still travel over hops to the servers of the web application or the website you want to visit, thus if the website is vulnerable or infected with malware your encrypted connection can’t protect you.

The way the internet is handled today, in combination with the specific privacy laws per country, with third-party analytics sharing, even when there are programs that tell you, “100% anonymous browsing”, one programming error, or not proper security measures taken by the service you trusted with your data.

It’s very difficult to offer a secure network for business when phishing attacks could result in a credential gathering and then escalating to quick damage involving breaking through the network without touching any client/server.

Therefore VPN does offer an important layer of security, and it is very important to understand what your/the provider is offering, also is the one that configures it, so having in mind the above mentioned is crucial.

Still, to have anonymity, it is not so easy to achieve as many think, when you measure and understand how its offered. Some kind of anonymity can be achievable with specific sets of configurations, examples range from using operating systems like: Tails, Whonix, Kodachi, Qubes, etc.. to even set up a Tor Network-based Routers.

Providing a better secure VPN solution is more than just a matter of low-cost yearly subscription, installation, and setup. It only takes one mistake, to destroy the reputation of a business or individual, and the cost is expensive for those who get compromised. Therefore, it is a crucial matter in today’s era to be aware of the risks and mitigate them as much as possible.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to Information Security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Merch

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.

Share This