
Recent VPN hacks reveal transparency issues within the industry and its supply chain

by ethhack

Consumers are no doubt becoming increasingly aware of the safety and security of their online activity after many highly publicized studies have shown an uptick in online data theft. According to the Federal Trade Commission, there were 3 million reports of identity theft alone in 2018.

Even though these threats — and the rash of data breaches — continue to grab headlines, consumers are still connecting to public Wi-Fi and joining other unsafe networks while traveling. More cautious or tech-savvy individuals know to turn to virtual private networks (VPNs) as a way to safely connect online, and as VPNs become more mainstream, some project the VPN market can grow to more than $35 billion by 2022. We’ve even seen some vendors capitalize by creating flashy TV commercials that insinuate that they are consumers’ digital doorman.

However, as these companies look to pull back the curtain on the nefarious digital underworld, I can’t help but wonder whether the curtain has been sufficiently pulled back on their own operation. I don’t mean that they, too, are digital thieves taking oblivious consumers’ data (though some very well do sell your data to third parties); instead, I question whether the VPN industry has been transparent about its own security protocols.

It wasn’t that long ago that NordVPN, probably the most well-known vendor, was hacked. An attacker broke into one of its servers in an overseas data center by penetrating a surprisingly insecure remote management system left by the “unnamed” data center provider. 

NordVPN became the latest high-tech hack, and there is great irony in a security system being insecure, but that’s not the egregious issue here. It’s also not the fact that the breach went unnoticed for a month, though that one does sting a little extra. The real warning here is that NordVPN not only didn’t know the system was being used to support its operation, but it also had no idea the thing even existed. Think about that for a minute: a data-security vendor engaged with a core partner and didn’t audit all of the potential vulnerabilities within that partner.

Was NordVPN just an industry anomaly that had a single lapse in judgement? Nope. We came to find out that this vulnerability not only compromised NordVPN, it also exposed others like TorGuard. Now we have a scary trend. There are already a lot of sketchy VPN providers marketing to a consumer base that is still largely unfamiliar with the technology — including those that may be willing to share your data with authoritarian governments. But now even the most “trusted” have proven that they, too, have either lax or downright sloppy protocols in place to mitigate all potential points of attack.
