The main reason why Internet users subscribe to a VPN service is to protect their privacy and online security. VPNs use an encrypted digital tunnel through which the user’s connection passes, keeping the user’s data away from the prying eyes of malicious third-party users.
But what happens if your VPN gets compromised?
Cisco Talos, a leading-edge team of threat researchers, has recently revealed some security flaws found in top VPN services today, particularly NordVPN and ProtonVPN. Talos specializes in detecting, analyzing and creating security solutions against online threats like these VPN bugs.
The researchers discovered that these flaws stem from design vulnerabilities in both NordVPN and ProtonVPN clients, which allow the attackers to execute arbitrary codes.
VPN Security Flaws
These vulnerabilities have been identified as CVE-2018-3952 and CVE-2018-4010, which turn out to be similar to the flaws found by VerSprite earlier this year. The earlier security flaw discovered by VerSprite was tracked as CVE-2018-10169, and although patches have been applied to both clients to fix the security hole, it can still be exploited by other means. In fact, Talos said that they were able to work around these fixes which were applied last April.
How the VPN Security Flaw Works
The CVE-2018-10169 was a Windows privilege escalation flaw caused by the same design issues in both NordVPN and ProtonVPN.
The interface of both these VPN clients permits a logged-in user to execute binaries, including VPN configuration options, like choosing your preferred VPN server location. When the user clicks ‘Connect’, this information is forwarded to a service through an OpenVPN config file. The vulnerability lies in there — VerSprite was able to create a different OpenVPN configuration file and send it to the service to load and execute.
Anyone can craft the OpenVPN file, including those with malicious intent, and tamper with the VPN service or steal your data.
Both VPN service providers implemented the same patch designed to control the content of the OpenVPN file. However, Cisco pointed out that the code contains a small coding flaw that allows attackers to circumvent the patch.
Talos tested the patched versions of the two VPN clients, particularly ProtonVPN VPN version 1.5.1 and NordVPN version 126.96.36.199, and discovered that the patches implemented last April could be bypassed by attackers.
The bugs that resulted from these VPN tools vulnerabilities can result in privilege escalation, as well as arbitrary command execution. The CVE-2018-3952 bug affects NordVPN and its over one million users worldwide, while the CVE-2018-4010 impacts the relatively newer VPN service provider, ProtonVPN.
VPN Security Fix
These security flaws found in top VPN services have sent the VPN companies scrambling for an airtight solution. NordVPN has implemented a patch last August to resolve the problem. The company utilized an XML model to create OpenVPN config files that can’t be edited by logged-in users.
ProtonVPN, on the other hand, just finished creating a fix this month. ProtonVPN decided to relocate the OpenVPN config files to the installation directory. This way, standard users can’t easily modify the files.
Both VPN companies have advised their users to update their VPN clients as soon as possible to fix these bugs and avoid potential threats.
Other VPN Tools Vulnerabilities
Earlier this January, Cisco has released a high urgency security alert for users using network security devices configured with WebVPN. This clientless VPN service provider was given the Critical rating, the highest alert under the Common Vulnerability Scoring System. The VPN company was vulnerable to web-based network attack, allowing the attacker to bypass the security and run commands and gain total control of the networking devices. Cisco later on issued a patch to fix this vulnerability.
Also, according to a research conducted by High-Tech Bridge (HTB), nine out of ten VPN services use outdated or insecure encryption technologies, thereby putting users at risk. The study has also found out that majority of SSL VPNs either use an untrusted SSL certificate or use vulnerable 1024-bit keys for their RSA certificates. It is also disturbing to learn that one out of ten SSL VPN servers is still vulnerable to the infamous Heartbleed, a bug that allows hackers to extract data from the memory of unmatched systems.
This study just shows that vulnerabilities also exist in VPNs, which, ironically, were designed to protect us from these exact threats.
In order to ensure your online security, it is crucial to use reliable and trustworthy VPN services. Free VPN services may provide you with basic privacy, but you’re not sure whether the company is keeping track of your online activities or not. Free VPNs are also prone to bugs and other security issues.
Investing in a professional VPN service such as Outbyte VPN is the best solution because it offers 100% online security with no tracking. Outbyte VPN also uses a military-grade encryption technology, so there’s no question about its security.