Note on these VPN services: true user IP addresses have leaked

Hotspot Shield, PureVPN and Zenmate: if you use the VPN services of these providers, you should know that anyone could learn your real IP address and your location. Organizations hostile to you, governments or individuals could identify the IP address of the network to which you were connected. If you are not subject to censorship and you use VPN services to reach blocked Internet resources, or simply to encrypt the connection between a company or home network and a device in a different location, you can treat the following flaws with a certain distance, while still keeping your finger on the pulse. The problem in Hotspot Shield has already been patched, which does not mean that nothing has happened. PureVPN and Zenmate have made a bigger slip.

These VPN services revealed the user's location

1. Let's start with Hotspot Shield, the provider about which the most is known at the moment. Three flaws have already been fixed. They were found in the free Chrome browser plug-in. The following vulnerabilities do not apply to the desktop and smartphone applications.

CVE-2018-7879: a vulnerability in the Chrome extension allowed Internet traffic to be redirected to a malicious site;

CVE-2018-7878: DNS server providers were able to monitor websites visited by the user;


CVE-2018-7880: visiting a page with the word "localhost" or "type=a1fproxyspeedtest" in the URL made it possible to temporarily "disable" the VPN service:

let whiteList = /localhost|accounts\.google|google\-analytics\.com|chrome\-signin|freegeoip\.net|event\.shelljacket|chrome\.google|box\.anchorfree|googleapis|127\.0\.0\.1|hsselite|firebaseio|amazonaws\.com|shelljacket\.us|coloredsand\.us|ratehike\.us|pixel\.quantserve\.com|googleusercontent\.com|easylist\-downloads\.adblockplus\.org|hotspotshield|get\.betternet\.co|betternet\.co|support\.hotspotshield\.com|geo\.mydati\.com|control\.kochava\.com/;
if (isPlainHostName(host) || shExpMatch(host, '*.local') ||
    isInNet(ip, '10.0.0.0', '255.0.0.0') || isInNet(ip, '172.16.0.0', '255.240.0.0') ||
    isInNet(ip, '192.168.0.0', '255.255.0.0') || isInNet(ip, '173.37.0.0', '255.255.0.0') ||
    isInNet(ip, '127.0.0.0', '255.255.255.0') || !url.match(/^https?/) ||
    whiteList.test(host) || url.indexOf('type=a1fproxyspeedtest') != -1) return 'DIRECT';


2. Details of the Zenmate vulnerabilities were not disclosed because the provider has not yet dealt with the reported problems.

3. PureVPN - as above. It is not known yet whether the reported vulnerabilities have been fixed.
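The proxy rule quoted under CVE-2018-7880 combines an unanchored pattern tested against the host with a substring search over the whole URL. The following added example (not part of the original article or the extension's code) runs a shortened copy of that rule style next to a stricter matcher over constructed requests; the function names, the shortened pattern, the allowlist entries and the proxy placeholder are assumptions.

```javascript
// Added illustration, not the extension's code. Function names, the shortened
// pattern and the allowlist entries below are assumptions made for the example.
const VIA_VPN = 'PROXY vpn.invalid:8080'; // placeholder proxy, not a real endpoint

// Same style as the quoted rule: unanchored alternation tested against the
// host, plus a substring search over the whole URL.
const weakList = /localhost|hotspotshield|betternet\.co/;
function routeWeak(url, host) {
  if (weakList.test(host) || url.indexOf('type=a1fproxyspeedtest') !== -1) return 'DIRECT';
  return VIA_VPN;
}

// Hardened variant: exact host or dot-delimited suffix match only, and nothing
// taken from the path or query string can switch the tunnel off.
const exactHosts = new Set(['localhost']);
const trustedDomains = ['hotspotshield.com', 'betternet.co'];
function routeStrict(url, host) {
  const h = host.toLowerCase().replace(/\.$/, '');
  if (exactHosts.has(h)) return 'DIRECT';
  if (trustedDomains.some(d => h === d || h.endsWith('.' + d))) return 'DIRECT';
  return VIA_VPN;
}

// Constructed sample requests (reserved .test names), not captured traffic.
const samples = [
  ['https://support.hotspotshield.com/', 'support.hotspotshield.com'],
  ['http://localhost.example.test/', 'localhost.example.test'],
  ['http://betternet.co.example.test/', 'betternet.co.example.test'],
  ['http://example.test/?type=a1fproxyspeedtest', 'example.test'],
  ['http://example.test/news', 'example.test'],
];

// Hosts the weak rule sends outside the tunnel but the strict rule keeps inside.
function leakedHosts() {
  return samples
    .filter(([url, host]) => routeWeak(url, host) === 'DIRECT' && routeStrict(url, host) !== 'DIRECT')
    .map(([, host]) => host);
}

console.log(leakedHosts());
```

Every host in the returned list is one whose traffic the weak rule would route with the user's real IP address; a review of any PAC-style bypass list can use the same comparison.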

What if someone uses Hotspot Shield, PureVPN or Zenmate?

Hotspot Shield users have it easiest. In fact, they no longer have to do anything. In their case, the vulnerabilities have been patched and the Chrome extension has already been updated. We emphasize once again that the flaws did not apply to the applications for smartphones and computers.

PureVPN and Zenmate customers are in a worse situation. Not only is the technical information unknown, it is also unknown whether the problems relate only to browser extensions (and that much is as certain as amen in a prayer) or also to the applications for different operating systems. At the moment, we advise you not to use VPN services from these providers if you are afraid that someone will learn your real IP address. Researchers from the vpnMentor portal, who detected all of the vulnerabilities, recommend that customers ask their provider to correct the reported security errors immediately.

What about the other suppliers? The editorial team of vpnMentor claims that extensions or applications of other VPN service providers may also have more or less serious errors leading to the disclosure of the real IP address of the user. In countries where the use of VPNs is legally prohibited, the consequences can be serious.

At the beginning of 2017, five researchers from various corners of the world analyzed a number of well-known VPN applications for Android. It turned out that most of them are fit only for the trash.

The subject matter of the vpnMentor portal is closely related to the protection of privacy on the Web. Readers interested in privacy and security will find there, among other things, recommended VPN service providers.




We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.