This report identified three vulnerabilities with VPN services leaking sensitive IP Address and location information. Virtual Private Networks are used for several different reasons, but in this case it is used to connect privately to an internal network. The VPN service will encrypt your data and hide your true IP address for security reasons.
Vulnerabilities were found at PureVPN, HotSpot Shield, and Zenmate.
It was also noted that these vulnerabilities were with the Chrome plug-in. Not the desktop or smartphone version. The other vulnerabilities were not disclosed because no patch has been created.
https://thehackernews.com/2018/03/vpn-leak-ip-address.html
Elizabeth V Calise says
Fred, really interesting article you posted. I remember last year when Internet privacy laws were scrapped and all my IT friends kept discussing VPN. What is more concerning is that the VPN services which contained vulnerabilities were the services provided by three popular VPN providers. I could expect this from a smaller provider, but not a well-known one. To me, VPN services is your focus so why are there slip ups? Also, I am sure once Internet privacy laws were removed, business must have increased. I know many of people who purchased VPN services once this change went into effect. Technology, security and privacy are huge today and I feel as if those companies should know that and not have vulnerabilities in the free Chrome-plug-in.
Donald Hoxhaj says
Fred,
That’s actually quite interesting because over 40% of SMBs use VPN for remote business operations. I am unsure of the severity of these transactions, but if VPNs are leaking sensitive information such as IP address and location, this possibly has a huge place to instigate another cyber threat. Attackers can easily catch hold of these IPs to demand ransom. I am sure that Private VPNs are far secured and that organizations do use advanced security systems to prevent IP leaks over the private network.