Virtual Private Networks (VPNs) have become essential for some web users to access blocked content or to shield their browsing history from the mass cyber surveillance conducted by numerous governments. However, the organizations offering VPN services frequently do not live up to their claims of protecting their users’ privacy.
One of the most well-known names in the VPN market is Hola VPN, which is used by more than 175 million people globally. Despite it being such a popular service, security researchers at Trend Micro recently found that it falls short in taking measures to protect its users’ security and privacy.
An unsafe VPN
The security issues of Hola VPN start with its software, which, remarkably, does not use encryption and leaks IP addresses. This alone makes it a risky choice for those who need to avoid censorship or surveillance. The research paper by Trend Micro, however, goes much further and sheds light on other issues with HolaVPN.
Hola VPN is available in both free and paid versions. The free version is described as a community VPN where users help each other to safely access the web. According to Trend Micro’s findings, however, the so-called community VPN does not appear to do much to serve its users.
Rather than being shared between users, web traffic is routed through a list of a thousand exit nodes hosted in data centers. Essentially, every device with the free version of HolaVPN is turned into an exit node that is monetized by a commercial proxy service called Luminati. As it turns out, Luminati and HolaVPN are owned by the same parent organization, Hola Networks Ltd.
This essentially means that the parent organization uses the bandwidth of HolaVPN’s free users to provide a residential proxy network under Luminati. This has been known since 2015; however, there are other issues with this sort of business practice.
Previously, it was not known how the Luminati network was actually used, but this recent research has revealed that it is being abused by threat actors. Keep in mind that such a proxy network with 32 million exit nodes, according to Luminati’s site, can provide a high level of anonymity.
Trend Micro analyzed more than 100 million URLs recorded as exit nodes of the Luminati proxy network between 2017 and 2018. The breakdown of Luminati’s traffic revealed that more than 85 percent of the traffic went to mobile advertisements, mobile app domains, and affiliate programs. It is clearly a profitable business model for the organization.
With a growing mobile advertising market, fraudsters are bound to enter the arena. The researchers found explicit evidence that members of the notorious KlikVip group are using Luminati to route traffic from their mobile advertisement sites to third-party pages. Almost certainly, these threat actors are abusing the Luminati network to run click fraud campaigns.
Another area of concern pointed out by the researchers was that, “…a substantial part of the Luminati traffic was related to the scraping of online content such as subscription-based scientific magazines, private contact details of physicians and attorneys, data on inmates, court documents in the U.S. and China, credit information, and even the Interpol’s most wanted list.”
Other services frequently accessed through Luminati include airline reservation and check-in systems, websites selling concert tickets, and websites selling limited-edition, popular and hard-to-get items. The researchers noted, “…to evade botnet detection, some users of Luminati are likely using captcha solving services offered by sweatshops.”
Hackers abusing the system
Beyond simply shady money-making activities, the researchers found hackers using Luminati to carry out their operations anonymously.
“We have collected evidence that hackers have attempted to verify leaked webmail credentials via Luminati and have even tried to access the webmail of companies through the proxy network for an extended time period. Mobile payment systems were accessed via the Luminati network as well,” the researchers pointed out.
The overlap between traffic patterns of the Luminati network and adware-infected PCs identified by Trend Micro shows that it is a significant security risk for HolaVPN users and internet users in general.
Trend Micro has decided to categorize HolaVPN software as “unwanted” to warn its customers of the related security risks and has asked other organizations to follow suit.
The lesson is loud and clear. Any web user must be extra cautious before using any free VPN service. If due caution isn’t exercised, they may end up paying by compromising their own security or enabling threat actors to commit cybercrimes.