Hackers can exploit critical vulnerabilities in PrivateVPN and Betternet – since fixed – to push out fake updates and plant malicious programs or steal data.
Attackers can intercept a VPN’s “communications and force the apps to download a fake update,” researchers from VPNPro who discovered the flaws wrote in a blog post. “The app may automatically apply the fake update, or send the user a notification to update the app.”
After testing 20 VPNs, the researchers reported their findings to Betternet and PrivateVPN – and both rolled out patches, on April 14 and March 26, respectively.
The post Vulnerabilities in two VPNs opened door to fake, malicious updates appeared first on SC Media.