VPNs Fail Critical Security Tests

VPNs Fail Critical Security Tests

A VPN is meant to ensure the privacy of your communications through strong encryption, but new tests suggest that the most popular VPN services have critical security flaws.

Picture: Maksim Kabakou/Shutterstock

When you pay for a VPN, what you’re really paying for is security, whether it’s the security of your business operations, or the security of privacy in relation to your communications.

So it’s quite troubling to find that a study of commercial VPN providers showed that they all leak IPv6 traffic at an alarming rate.

The study, A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients examined the services of Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad and Hotspot Shield Elite.

Of that list, every single VPN except for Astrill were open to IPv6 hijacking attempts, but even it was found to leak IPv6 data. As a result, none of them could be said to be secure, with significant possibilities to uncover user data in a way that makes a VPN essentially pointless.

The problem relates to VPNs not properly manipulating the routing table for IPv6 connections in the same way that they hide IPv4 results. With IPv6 traffic only set to grow, this is a problem that could get significantly worse.

VPNs are so insecure you might as well wear a KICK ME sign [The Register]


Show more comments

Comments are closed.

Log in to comment on this story!