VPN doesn’t always keep you anonymous online.
Millions of people use VPN service to ensure their online anonymity. It enables hiding their real IP address and encrypting data transmission. It turns out, however, that 3 providers of such services, HotSpot Shield, PureVPN and Zenmate have had trouble with this issue, and this can project onto millions of their clients.
The vulnerabilities in PureVPN and Zenmate have not been disclosed since relevant software patches have not yet been released. The bugs in HotSpot Shield by AnchorFree have already been patched and they related to:
- Possible hijacking of all network traffic (CVE-2018-7879) – vulnerability found in a Chrome extension enabling the attackers to hijack the traffic and direct it to a malicious WWW site.
- DNS leak (CVE-2018-7879) – DNS traffic from a HotSpot Shield user was directed to a DNS server specific to his/her computer and not available through VPN. This enables Internet service providers to monitor and record network activity.
- Real IP address leak (CVE-2018-7880) – all domains with “localhost” as localhost.foo.bar.com and ‘type=a1fproxyspeedtest’ in the URL address induced a bypass of the proxy and a leak of the real IP address.
This is not the first time thatservices like VPN experience problems. We discussed other ones in the post Will a free VPN from Facebook take care of your privacy??
Source: The Hacker News
—
Do you need cybersecurity solutions for your company – contact us.
