Security News > 2020 > May > Two Popular VPNs Exposed Users to Attacks Via Fake Updates
Researchers analyzed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users' devices.
VPNpro, a company that specializes in analyzing and comparing VPN services, analyzed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.
The analysis revealed that PrivateVPN and Betternet VPNs were vulnerable to these types of attacks.
Betternet did not automatically execute the update, but prompted the user to update the app, which in many cases would also likely lead to execution of the fake update.
According to VPNpro, a man-in-the-middle attacker could have intercepted the targeted user's VPN connection and pushed a fake software update.
News URL
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Massive brute force attack uses 2.8 million IPs to target VPN devices (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)