Saturday, January 16, 08:00

Critical vulnerabilities in top Android VPN apps allow data theft

Security researchers discovered critical vulnerabilities in top VPN apps that are offered for free for Android devices. The vulnerabilities allow attackers to carry out man-in-the-middle attacks and steal users' sensitive data.


There are many dangerous VPN apps, installed on more than 120 million devices. The free VPN named SuperVPN is installed on at least 100 million Android devices.

This VPN application is used by users in 150 countries.

SuperVPN is developed by SuperSoftTech, a company based in Singapore. In fact, however, it is owned by the independent app publisher Jinrong Zheng, from China.

Unencrypted communications

Security researchers examined SuperVPN and found that it was sending sensitive encrypted data over unsecured HTTP.

The VPN application also contains a decryption key that allowed the researchers to decrypt the data.

This led to the discovery of sensitive data about the SuperVPN server, its certificates and the credentials that the VPN server needs for authentication.

Attackers can use this information and replace the actual SuperVPN server data with false server data.
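
A defender-side check for the two flaws described in this section, cleartext HTTP transport and a decryption key shipped inside the app, written as an added example that is not from the article or the researchers. The file contents are constructed, the rule names and the `audit` function are hypothetical, and the patterns only cover simple decompiled Java forms.

```python
import re

# Constructed sample: decompiled-style Java and manifest lines, not taken from any real app.
SAMPLE = {
    "AndroidManifest.xml": '<application android:usesCleartextTraffic="true" android:label="DemoVPN">',
    "ConfigFetcher.java": '''
String endpoint = "http://config.example.invalid/servers";
byte[] k = "0123456789abcdef".getBytes();
SecretKeySpec spec = new SecretKeySpec(k, "AES");
SecretKeySpec other = new SecretKeySpec("fedcba9876543210".getBytes(), "AES");
String docs = "https://example.invalid/help";
''',
}

RULES = [
    # Endpoint reachable without TLS: anyone on the path can read or replace the response
    ("cleartext-url", re.compile(r'"(http://[^"\s]+)"')),
    # Manifest opt-in that lets the app send cleartext traffic at all
    ("cleartext-allowed", re.compile(r'usesCleartextTraffic\s*=\s*"true"')),
    # String literal turned straight into key bytes
    ("embedded-key", re.compile(r'SecretKeySpec\(\s*"[^"]+"\.getBytes\(')),
]
# A byte[] variable assigned from a literal, later passed to SecretKeySpec
LITERAL_BYTES = re.compile(r'byte\[\]\s+(\w+)\s*=\s*"[^"]+"\.getBytes\(')
KEY_FROM_VAR = re.compile(r'SecretKeySpec\(\s*(\w+)\s*,')

def audit(files):
    """Return (file, line number, rule) for every finding, in file and line order."""
    findings = []
    for name, text in files.items():
        literal_vars = set()
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES:
                if pattern.search(line):
                    findings.append((name, lineno, rule))
            m = LITERAL_BYTES.search(line)
            if m:
                literal_vars.add(m.group(1))
            m = KEY_FROM_VAR.search(line)
            if m and m.group(1) in literal_vars:
                findings.append((name, lineno, "embedded-key"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any key that ships inside the app is available to everyone who downloads it, so encrypting the payload with it adds no confidentiality once the transport is plain HTTP.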

The severity of the vulnerabilities

According to experts, attackers can exploit VPN vulnerabilities and monitor users' communications and activities. In this way, they can gain access to sensitive data such as sites visited by users. In addition, they can steal usernames and passwords, photos, videos, messages and more.


According to researchers, “some applications have their encryption keys in the VPN application. This means that even if the data is encrypted, hackers can easily decrypt it using these keys”.

VPN developers have released some of the keys, which helps attackers gain access to encrypted user data.

“In 2016, SuperVPN had only 10,000 downloads. Now, it has more than 100 million. Although many articles stated that SuperVPN was malicious, it has not yet been removed from the Play Store”, the researchers said.


Absent Mia