Researchers claim that a new vulnerability discovered in the Hotspot Shield VPN client could put user information at risk of being leaked.
In a rather ironic twist, researchers recently reported that the client for the virtual private network (VPN) service Hotspot Shield, which is used to hide users’ IP addresses, could actually be used to trace those IP addresses as well as expose personal information.
Who Discovered the Vulnerability?
The vulnerability was discovered by Paulos Yibelo, an independent cybersecurity researcher who has an impressive number of collected bug bounties to prove his credentials. In a blog post, Yibelo revealed that the Hotspot Shield client relies on a web server to conduct its communication with each user’s client.
In the blog post, Yibelo states that Hotspot Shield’s web server listens on the hardcoded host 127.0.0.1 and port 895. The web server exposes JSONP endpoints that return sensitive data.
What is the Vulnerability?
Yibelo gave the example of http://localhost:895/status.js, which could generate sensitive JSON responses including information such as whether a certain user is subscribed to a VPN service, which VPN service they use, and even what their actual IP address is. The exposed information could also extend to certain details of the PC’s configuration data. Yibelo has logged the bug as CVE-2018-6460.
Yibelo addressed the argument that attacks of this nature would surely only be applicable to LAN-connected devices. Yibelo stated that a simple DNS rebinding technique could easily expand this attack to include both LANs and WANs.
In his blog post, Yibelo states that DNS rebinding would allow any website to create a DNS name that resolves to 127.0.0.1 and to communicate with the local web server through it. This technique, according to Yibelo, would make WANs equally vulnerable to attack.
AnchorFree, the company that developed Hotspot Shield, confirmed that this vulnerability only exposed generic information about the user in question, such as their location, but did not reveal personal information such as IP address. Despite this, the company confirmed that it is working on a patch which addresses this security concern.
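The two issues described above, a JSONP endpoint on 127.0.0.1:895 and its reachability through DNS rebinding, are usually closed in the local web server itself. The following is an added example, not code from Yibelo's post or from AnchorFree: a Node.js request gate for a loopback-only service. The allowed origins, the `callback`/`jsonp` parameter names and the `rebind.example` host are assumptions made for illustration.

```javascript
// Added example: request gate for a loopback-only status service.
// Port 895 and /status.js come from the article; everything else is assumed.
const ALLOWED_HOSTS = new Set(['127.0.0.1:895', 'localhost:895']);
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:895', 'http://localhost:895']);

// Returns { allowed, reason } for a request described by its URL and headers
// (header names lower-cased, as Node's http module provides them).
function checkLocalRequest(url, headers) {
  const host = (headers.host || '').toLowerCase();
  // Under DNS rebinding the browser still sends the rebinding site's name in
  // Host, because it believes it is talking to that site.
  if (!ALLOWED_HOSTS.has(host)) return { allowed: false, reason: 'host' };

  // A cross-site <script src=...> include is how JSONP is read by other
  // origins; browsers that send Fetch Metadata mark such requests.
  const site = headers['sec-fetch-site'];
  if (site && site !== 'same-origin' && site !== 'none') {
    return { allowed: false, reason: 'cross-site' };
  }
  const origin = headers.origin;
  if (origin && !ALLOWED_ORIGINS.has(origin.toLowerCase())) {
    return { allowed: false, reason: 'origin' };
  }
  // Never wrap the response in a caller-chosen function: no JSONP at all.
  const query = new URL(url, 'http://127.0.0.1:895').searchParams;
  if (query.has('callback') || query.has('jsonp')) {
    return { allowed: false, reason: 'jsonp' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample requests (not captured traffic).
const samples = [
  ['/status.js', { host: '127.0.0.1:895' }],
  ['/status.js', { host: 'rebind.example:895' }],
  ['/status.js', { host: 'localhost:895', 'sec-fetch-site': 'cross-site' }],
  ['/status.js?callback=cb', { host: 'localhost:895' }],
];
for (const [url, headers] of samples) {
  console.log(url, headers.host, checkLocalRequest(url, headers));
}
```

A response that passes the gate should be sent as plain JSON with an `application/json` content type rather than as executable script.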
The history of Hotspot Shield
Hotspot Shield has a surprisingly politically charged history. The VPN service rose to prominence during the Arab Spring protests of 2011, when a massive influx of Tunisia-based users started using VPNs in order to evade government detection of their online activity. During 2017, the company confirmed that it had reached 500 million installs. Hotspot Shield was created by the company AnchorFree and is based on a freemium concept. That is, the basic version is free, while advanced features can be accessed by paying a subscription fee.
In August 2017, the VPN service made headlines again when the Centre for Democracy and Technology lodged a complaint against Hotspot Shield with the Federal Trade Commission. The complaint stated concerns about the company’s logging policies as well as the VPN’s use of third-party companies to serve advertisements on its platform.
However, AnchorFree fought these allegations and maintained that it did not share any individually identifiable data with any third-party company. To this end, the company released a transparency report in November 2017, a comprehensive report that detailed its attitude regarding third-party companies and government intrusion, as well as the number of requests it received from governmental institutions for more information.
VPN vulnerabilities a growing concern
VPN vulnerabilities are not exclusive to Hotspot Shield. In January 2018, the VPN provider, Cisco, finally addressed some security concerns by making a security patch available for its Adaptive Security Appliance feature. While the patch received the highest possible CVSS rating of 10.00, the company raised suspicion when they released another security patch only days after the initial one.
During December 2017, researchers reported security flaws discovered in the highly popular VPN service, TunnelBear. The particular weakness left users exposed to man-in-the-middle (MitM) attacks.
These growing concerns have the power to undermine the very nature of VPN services, a service that users choose to protect their online activity.
Hotspot Shield Alternatives?
If you’re looking for an alternative VPN to Hotspot Shield, check out some of the great options below which are very secure: