• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Vulnerability Research Into VPN Software

May 13, 2020 By Trevor Collins

iPad VPN

 

Last week Jan Youngren from VPNpro wrote about several vulnerabilities his team found in the client software of various VPN service providers. He didn’t investigate the protocols used for VPNs but looked at the rest of the software, like how they setup connections and install updates. Many VPN clients have a mechanism to connect back to the provider and retrieve updates directly to the VPN software. The researchers found that in some cases, the VPN software doesn’t properly verify the source of the update before downloading and executing it. As a secure VPN provider, they should ensure the highest level of security.

Of the 20 VPNs tested, six VPN providers don’t use certificate pinning. Certificate pinning ensures that only a specific server certificate trusted by the application itself will create a secure connection. This prevents a malicious certificate from affecting the connection. That said, Recent vulnerabilities found in certificate pinning make these certificates no more secure than normal certificate usage if an attacker already has access to the client. If an adversary has access to your device then they have already bypassed your VPN security. I don’t believe VPN providers must use certificate pinning for the updates and VPNpro agrees. But if a 3rd party certificate installs on your computer then the certificate owner could intercept the connections from TorGuard, CyberGhost, Hotspot Shield, and Hide Me as well as the vulnerable PrivateVPN and Betternet.

Jan found that not only could he intercept the management connections for PrivateVPN and Betternet without a trusted certificate, but he could trick both clients into downloading malicious updates from his server. He didn’t go into detail on how they performed the test, but they could have redirected an HTTPS request to HTTP or even a DNS request to his fake malicious servers. After downloading, Betternet asks the user to confirm before installing the malicious update. PrivateVPN doesn’t asks the user and automatically installed the fake malicious update. The vulnerability allows access to the VPN’s update communication where an adversary could add malware. For both VPNs the victim’s computer becomes more vulnerable by having the VPN software installed than without it.

PrivateVPN and Betternet corrected this vulnerability by properly checking the source of updates. If you use these VPNs, ensure you have the latest update by downloading over a trusted connection. Also, a VPN doesn’t automatically secure your connection to the Internet. The client software and server vulnerabilities can still create havoc for its users. Always check your server connection and if a secure connection fails stay away and come back when it works again.

Share This:

Related Posts

Filed Under: Editorial Articles Tagged With: Mobile VPN

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • The Hack of the Decade
  • Understanding Fileless Malware Outside the Network 
  • 11 High Severity Vulnerabilities found in Nvidia Software
  • Zyxel Adds a Built-in User With A Easy To Find Password

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 11 High Severity Vulnerabilities found in Nvidia Software
  • Zyxel Adds a Built-in User With A Easy To Find Password
  • The Hack of the Decade
  • Channel Partner Insight Names WatchGuardONE Security Partner Program of the Year
  • Understanding Fileless Malware Outside the Network 
View All

Search

Archives

Copyright © 2021 WatchGuard Technologies · Privacy Policy · Terms of Use