Could VPNs make users vulnerable? Six different major Virtual Private Network firms have been spotted installing root certificates that could potentially open up surveillance on their users' computers.
Popular VPNs Spotted that Could Potentially Compromise Its Customers
According to the story by AppleInsider, in a similar manner to the iCloud Private Relay by Apple, VPNs are supposed to protect users by routing all incoming and outcoming data through a trusted service. The service works by encrypting all personal information ever sent and received.
Although ideally solid, six of the most popular VPN firms in the world have been spotted doing the encryption in a way that could potentially compromise their users. An article by TechRadar noted how six VPN providers were spotted by AppEsteem, a security research firm, that could potentially compromise its customers.
Each VPN on the List Installed a Trusted Root Certificate Authority
Each VPN installs a trusted root certificate authority (CA) on its users' devices. The installation of the CA, as per the report, can be extremely risky.
A TechRadar security expert, Mike Williams, said that installing a trusted root certificate is not actually a good practice. Should the process be compromised, an attacker could easily forge more certificates.
Six VPNs on the List of Affected VPN Vendors
The result could intercept user communications by impersonating other domains if malicious actors do this. This means that despite a user utilizing a VPN service that encrypts its actions, the service itself could potentially be a bad actor and intercept all the users' data by overwriting the encryption.
As per the report, the six affected VPN vendors include Atlas VPN, Turbo VPN, VPN Proxy Master, VyprVPN, Sumrando VPN, and even the most popular Surfshark. Both Atlas VPN and Surfshark are expected to be merged with NordVPN.
Surfshark Spokesperson Responded to the Queries
Nord Security, however, is not one of the firms on the list that install the certificates on its users' devices. A Surfshark spokesperson responded to the queries by TechRadar, noting that the issue has already been addressed.
Surfshark, however, only referenced directly to Windows with no other additional information noted. As per the spokesperson, Surfshark is cooperating closely with AppEsteem in order to fix the highlighted issue much faster.
Company Says the Issue was Fixed for 'All Windows Users'
The company said that all of the issues had been fixed "and all Windows users" should be getting an updated version of the Surfshark app itself. Although Mac was not directly referenced in the statement, the spokesperson said that they would be putting in other efforts to help the company's Apple users.
The spokesperson continued by saying that they have been working on turning off the IKEv2 protocol describing it as "no longer popular" and focusing all of their efforts on the support of OpenVPN and Wireguard protocols.
Related Article : Lazarus Group and APT38 Hackers Confirmed to be Behind $620 Million Ethereum Crypto Heist
This article is owned by Tech Times
Written by Urian B.