Malware and user security bugs are found in top free VPN applications
For every five applications listed in the top 150 free Android VPN apps on Google's Play store, one is flagged as a potential source of malware.In addition, 1/4 of the VPN application in this list is also said to contain security flaws that seriously affect users 'privacy, such as DNS leaks that reveal users' DNS queries to their ISPs. .
- Why should I stop using VPN for free immediately?
According to security expert Simon Migliano, Head of Research at Head of Research, the company behind the Top10VPN service, these Android VPN applications have been downloaded and installed about 260 million times according to the reported data. reported by Google itself.And this will be a scary source of malicious code if companies do not soon make corrective measures.
The in-depth study initiated by Top10VPN has been developed and published as a risk indicator, designed to help Android users understand exactly the security risks they face at high risk. when installing a free VPN application on your smartphone or tablet.
According to Simon Migliano's analysis and as mentioned before, one out of every five free VPN applications is tested, with a total of 27 applications being a potential source of malware when tested. Check with VirusTotal, greatly increasing the level of risk that users are at risk.
The problem becomes even worse when up to 25% of top VPN applications are affected by DNS security leaks.Specifically:
'This security vulnerability occurs when VPN applications cannot force DNS requests through encrypted traffic to its own DNS servers, and instead allow requests to be made directly. to the ISP's default DNS servers. Although the rest of the traffic may be confidential, the leaked data will suffice to reveal the user's browsing history to ISPs and any third-party DNS server operators. Which they can use '.
Issues found in the top ten free VPN applications (most downloaded and installed) on the Google Play store as follows:
Application (installation)
Rights risks
DNS leak
Functional risks
Virus / malware
Hotspot Shield is free
(50 million installments)
Discovered
Is not
Discovered
Is not
SuperVPN
(50 million installments)
Discovered
Have
Discovered
Is not
Hi VPN
(10 million installments)
Discovered
Have
Discovered
Is not
Hotspot Shield Basic
(10 million installments)
Discovered
Is not
Not detected yet
Is not
Psiphon Pro
(10 million installments)
Discovered
Is not
Discovered
Is not
Turbo VPN
(10 million installments)
Not detected yet
Have
Not detected yet
Is not
VPN Master
(10 million installments)
Not detected yet
Have
Discovered
Is not
Snap VPN
(10 million installments)
Discovered
Have
Discovered
Is not
Hola
(10 million installments)
Discovered
Have
Discovered
Is not
SpeedVPN
(10 million installments)
Discovered
Is not
Discovered
Is not
The study of Top10VPN also said that experts have found rights that are difficult to penetrate as well as code functions that make users of these VPN applications at risk of privacy, this problem may be encountered on About 85% of all free VPN applications are tested.
In addition, the team also found access rights and user privacy codes as follows:
- Location tracking (over 25% of applications are tested).
- Access device status information (about 38% of applications tested).
- Use cameras, microphones and the ability to secretly send SMS (insignificant).
- Use featured code to collect data about the end user's location (on about 57% of applications tested).
As detailed in the methodology section of the test results report, Migliano's team has installed each of one of the 150 most popular VPN applications on Android smartphones, at the same time running the test. VPN connection of these applications with the ICaly Netalyzr Internet connection analysis utility.
On the same VPN connection, researchers have conducted various IP tests using the online browserleaks.com platform compared with other control tests that are also implemented on the same device. without using any VPN connection.
- Google paid a fine of 50 million euros after allegedly violating the General Data Protection Act in France
When asked if users' privacy violations still appear in paid versions of these VPN applications, Migliano said:
'Although we do not upgrade to premium (paid) versions and conduct additional tests, I am confident that the key privacy issues will still exist, such as : DNS leaks, intrusion rights and risk code functionality. Basically, when you upgrade to the paid version, these applications still run on the platform of the free version, only to be added a few more advanced features'.
Simon Migliano is also the expert behind a previous analysis of the top 20 free VPN and iOS applications, leading to the conclusion that most of these applications are nearly impossible to protect. Privacy protection of users.As well as not having any support for users after the study was revealed.
Again, privacy is a painful issue that we must consider before using any application or service today.
See more;
- Microsoft shook hands with VirusTotal in resolving malicious code issues that affected MSI files
- The Internet is experiencing a huge problem with C / C ++, causing developers to "sweat"
- The corner of getting rich: A company hung a $ 1 million prize for anyone who hacked WhatsApp and iMessage
- The provisions of the Criminal Code relate to the field of information technology and telecommunications networks
You should read it
- Find bug in Emotet malware, prevent it from spreading for 6 months
- 14 games on the App Store contain malicious code, iPhone users be careful
- Detect new malicious code to attack Android device
- 238 applications found on Play Store contain malicious code that paralyzes smartphones
- A series of malicious applications that collect user data, delete immediately if you are installing
- Malicious code is growing up
- Discovered a new line of malicious Android code that steals user data on the electronic application market
- After WannaCry, Petya's 'extortion' malicious code is raging, this is a remedy to prevent
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Detects malicious code showing porn ads in children's games on Google Play
- Malicious code is hidden in cheats and mods that target the gaming community
- Detects 146 security holes in pre-installed Android applications
Maybe you are interested
You may have problems if you buy these 7 things when connecting to a VPN!
Can free VPNs be trusted?
3 Most Trusted VPN Extensions for Chrome
Warning: If you own an old D-Link VPN router, throw it away!
Some apps will still know your real location even if you use a VPN
Why do you need both a VPN and a firewall?