Note on these VPN services: true user IP addresses have leaked
Hotspot Shield, PureVPN and Zenmate - if you use the VPN services of these providers, you must know that everyone could know the real IP address and your location. All organizations that are hostile to you, governments or individuals could identify the IP address of the network to which you were attached. If you are not on censorship , and you use VPN services to bypass blocked Internet resources, or even to encrypt the connection between the company / home network and the device in a different location, then the importance of the following gaps can be treated with a certain distance, still keeping your finger on the pulse. The problem for Hotspot Shield has already been patched, which does not mean that nothing has happened. PureVPN and Zenmate rank a bigger slip.
These VPN services revealed the user's location
1. Let's start with the Hotspot Shield supplier, which is known at the moment the most. Three gaps have already been repaired. They were found in the free Chrome browser plug-in . The following vulnerabilities do not apply to desktop and smartphone applications.
CVE-2018-7879: vulnerability in the Chrome extension allowed to redirect Internet traffic to a malicious site;
CVE-2018-7878: DNS server providers were able to monitor websites visited by the user;
CVE-2018-7880: visiting a page with the word "
localhost " or "
type=a1fproxyspeedtest " in the URL allowed you to temporarily "disable" the VPN service:
let whiteList = /localhost|accounts\.google|google\-analytics_.com|chrome\-signin|freegeoip\.net|event\.shelljacket|chrome\.google|box\.anchorfree|googleapis|127\.0 \ .0 \ .1 | hsselite | firebaseio | amazonaws \ .com | shelljacket \ .us | coloredsand \ .us | ratehike \ .us | pixel \ .quantserve \ .com | googleusercontent \ .com | EasyList \ -downloads \. Adblock Plus \ .org | hotspotshield | get \ .betternet \ .co | betternet \ .co | support \ .hotspotshield \ .com | geo \ .mydati \ .com | control \ .kochava \ .com /; if (isPlainHostName (host ) || shExpMatch (host, '* .local') || isInNet (ip, '10 .0.0.0 ',' 255.0.0.0 ') || isInNet (ip,' 172.16.0.0 ',' 255.240.0.0 ') | | isInNet (ip, '192.168.0.0', '255.255.0.0') || isInNet (ip, '22.214.171.124', '255.255.0.0') || isInNet (ip, '127.0.0.0', '255.255. 255.0 ') ||! Url.match (/ ^ https? /) || whiteList.test (host) || url.indexOf (' type = a1fproxyspeedtest ')! = -1) return' DIRECT ';
2. Information about the Zenmate supplier was not disclosed because it has not yet been able to meet the reported problems.
3. PureVPN - as above. It is not known yet whether the reported vulnerabilities have been fixed.
What if someone uses Hotspot Shield, PureVPN or Zenmate?
HotSpot Shield users have the easiest way. Actually, they do not have to do anything anymore. In their case, the vulnerabilities have been patched, and the Chrome extension has already been updated. We emphasize once again that the gaps did not apply to applications for smartphones and computers.
PureVPN and Zenmate customers are in a worse situation. Not only that the technical information is unknown, it is also unknown whether the problems relate only to browser extensions (and this is certain as amen in the paster), or additionally applications for different operating systems. At the moment, we advise you not to use VPN services from these providers if you are afraid that someone will get to know your real IP address. Researchers from the vpnMentor portal , who have detected all vulnerabilities, recommend that they ask the supplier to immediately correct the reported security errors.
What about the other suppliers? The editorial team of vpnMentor claims that extensions or applications of other VPN service providers may also have more or less serious errors leading to the disclosure of the real IP address of the user. In countries where the use of VPNs is legally prohibited, the consequences can be serious.
At the beginning of 2017, five researchers from various corners of the world analyzed a number of well-known VPN applications for Android . It turned out that most of them are suitable only for garbage.
The subject matter of the vpnMentor portal is closely related to the protection of privacy on the Web. Readers interested in privacy and security will find there, among others recommended VPN service providers .
Add new comment
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.