A group of researchers from Sapienza University of Rome and Queen Mary University of London have published a study detailing significant security flaws in 16 commercial VPN services.
The problems arise from the way these VPN services operate over dual-stack networks (those using both IPv4 and IPv6). Over half of the services were found to be open to partial (and sometimes full) IPv6 traffic leakage, with the potential to expose the user's browsing history—even on websites that only use IPv4 connectivity.
All the services save for one were also found to be vulnerable to DNS hijacking, which can also expose IPv4 network traffic. Equally worrying is the fact that roughly half of the services provide connectivity through the Point-to-Point Tunneling Protocol with MS-CHAPv2 authentication, a method which can be easily cracked via brute force.
VPN services have risen in popularity for a multitude of reasons—whether for security on a public hotspot, privacy concerns, or simply as a way to work around regional restrictions on content. This study shows that users should be careful, however, as it's very easy to unwittingly purchase VPN services done wrong.