While analyzing popular VPNs available on Play Store, security researchers have found that several of them contain vulnerabilities which may leave millions of users at risk of hacking.
An investigation conducted by VPNPro revealed that the app SuperVPN Free VPN Client with more than 100 million installs, contains vulnerabilities that let the users of the app to become a victim of man-in-the-middle (MITM) attacks. The experts disclosed these vulnerabilities to the VPN app developers in October 2019 to give them enough time to fix these issues.
VPN vulnerabilities
It should be noted that as per the security researchers the cybercriminals can exploit these vulnerabilities intercept all of the communications between a user and the VPN provider with an intention to find out what the user is doing online.
The researchers at VPNPro revealed that almost 105 million users who have installed SuperVPN Free VPN Client in their devices could be at the risk of having credit card details. The hackers can access to the private photos as well as videos which they can leak or sell online shady platforms while having access to the voice recorder through which they can record the user's conversation. Researchers also said that there are 10 other apps on the list of top free VPN apps which contained similar vulnerabilities.
What are those top free VPN apps?
Apart from SuperVPN Free VPN Client, the other apps which security researchers found to have vulnerabilities are:
- TapVPN Free VPN
- Best Ultimate VPN – Fastest Secure Unlimited VPN
- Korea VPN – Plugin for Open VPN
- VPN Unblocker Free unlimited Best Anonymous Secure
- Super VPN 2019 USA – Free VPN
- Unblock Proxy VPN
- Wuma VPN-Pro (Fast & Unlimited & Security)
- VPN Download: Top
- Quick & Unblock Sites
- Secure VPN – Fast VPN Free & Unlimited VPN
- Power VPN Free VPN
As reported by 9News, a cybersecurity expert at VPNPro, Jan Youngren mentioned that using a free VPN could actually leave users vulnerable to hacking than not using one at all. He also mentioned that users are more willing to transmit sensitive information on VPN apps than on other apps. He also added that "For a VPN app to then be so vulnerable is a betrayal of users' trust and puts them in a worse position than if they hadn't used any VPN at all."
In addition, he said the hackers could be "Browsing a fake, malicious website set up by the hacker and aided by these dangerous VPN apps. While everything will appear to work normally, and you think that you're being extra safe and secure, you're actually being seriously exposed."
Even though these details were disclosed last year in order to give a chance to the developers to solve the issue, Best Ultimate VPN developers responded and patched the vulnerabilities.