VPNs Fail Critical Security Tests

A VPN is meant to ensure the privacy of your communications through strong encryption, but new tests suggest that the most popular VPN services have critical security flaws.

Picture: Maksim Kabakou/Shutterstock

When you pay for a VPN, what you’re really paying for is security, whether it’s the security of your business operations, or the security of privacy in relation to your communications.

So it’s quite troubling to find that a study of commercial VPN providers showed that they all leak IPv6 traffic at an alarming rate.

The study, A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients examined the services of Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad and Hotspot Shield Elite.

Of that list, every single VPN except for Astrill were open to IPv6 hijacking attempts, but even it was found to leak IPv6 data. As a result, none of them could be said to be secure, with significant possibilities to uncover user data in a way that makes a VPN essentially pointless.

The problem relates to VPNs not properly manipulating the routing table for IPv6 connections in the same way that they hide IPv4 results. With IPv6 traffic only set to grow, this is a problem that could get significantly worse.

VPNs are so insecure you might as well wear a KICK ME sign [The Register]


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


18 responses to “VPNs Fail Critical Security Tests”