Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Using HotSpot Shield for security or Facebook access? Your IP is at risk of being exposed
Researchers have found a serious vulnerability that could leak true IP addresses and other sensitive information on very popular and widely used VPN software.
- VPN theory - What is a virtual private network?
- Useful virtual private networks on Google Chrome
Some people use VPN to browse anonymously or to protect their identity, and many people use them to hide their real IP addresses, bypass censorship and access blocked websites by region. But the bad news is that these software reveal the information you want to hide.
A group of three hackers hired by Mentor VPN revealed that three very popular VPN service providers, the HotSpot Shield, the PureVPN and the Zenmate - with millions of users around the world - turned out to be vulnerable.
After some security tests on these 3 VPN services, the team found that all three leaked the user's real IP, thereby identifying their identity and location.
The PureVPN is also the company that says it has never recorded history, but a few months ago used access history to help the FBI arrest a man in online surveillance.
The issue of Zenmate and PureVPN has not been published in detail because it has not been patched yet, but VPN Mentor said the error on Zenmate is less serious than the HotSpot Shield and PureVPN.
Using HotSpot Shield for security or Facebook access? Your IP is at risk of being exposed Picture 1
Capital is used to hide IP but users are at risk of being exposed to IP because of VPN software
These are 3 vulnerabilities on HotSpot Shield and have been patched.
- HIjack traffic (CVE-2018-7879) is part of the HotSpot Shield Chrome extension, allowing intrusion and redirection of web traffic to the infected site.
- Leak DNS (CVE-2018-7878) leaks IP users to DNS servers, allowing ISPs to monitor and record activity.
- True IP address leak (CVE-2018-7880) allows hackers to track user locations. This error is due to the whitelist to allow a very loose direct connection. Any domain with localhost such as localhost.foo.bar.com for example, and type = a1fproxyspeedtest in the address bar can bypass proxy and leak real IP.
Note that the above holes are on the Chrome browser utility, not on the mobile application or the software installed on the device.
See more:
- Russia banned proxy services and VPN to block extreme content
- China banned VPN services to build the Great Wall
- The best way to fake IP computer, best
Jessica TannerYou should read it
- Hotspot Shield - Free VPN Software
- Download Hotspot Shield 10.9.4
- Useful virtual private networks on Google Chrome
- Review Hotspot Shield: The fastest VPN available with proprietary technology
- Things you need to know about Private IP addresses
- How 'private' is your virtual private network?
- VPN vulnerabilities and how to check and prevent them
- VPN theory - What is a virtual private network?
- Should I use Hotspot Shield's free VPN?
- What does leak mean?
- Top hideout Free Fire little known
- Instructions for using Hotspot Shield for Windows
Maybe you are interested
ExpressVPN Now Supports Windows ARM PCs
How to set up Wireguard VPN on Linux
The 3 best browsers with built-in VPN for Mac and Windows
Why do websites think you are a robot when using a VPN?
What is VPN? Advantages and disadvantages of VPN virtual private network
Google One stopped providing VPN services due to lack of performance
Attack the network
The CredSSP vulnerability in the RDP protocol affects all versions of Windows- New dangerous security vulnerabilities appear on iOS 11.2.6, can read messages without unlocking
- The last 9 years Firefox has not protected user passwords carefully
- Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites
- Many computers in Vietnam have been hijacked due to virus infection
- CertUtil.exe allows an attacker to download malicious code and bypass antivirus software
The CredSSP vulnerability in the RDP protocol affects all versions of Windows
New dangerous security vulnerabilities appear on iOS 11.2.6, can read messages without unlocking
The last 9 years Firefox has not protected user passwords carefully
Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites
Many computers in Vietnam have been hijacked due to virus infection
CertUtil.exe allows an attacker to download malicious code and bypass antivirus software