the vast majority of services providing connection to a virtual private network (VPN) is vulnerable to interception and leakage of data, incorporating “bad” code in the incoming traffic from the Internet and other attacks. As found by the experts, analyzing the applications of almost 300 suppliers of VPN services security requirements meet only a few of them.
it Turned out that 18% of VPN services generally encrypts the traffic, making the smartphone more vulnerable to attacks such as “man in the middle”, 84% — allow the diversion of traffic on the most modern Internet Protocol IPv6, and 38% contain code that the antivirus service VirusTotal klassificeret Google as malicious. Moreover, four out of 283 examined Android applications installed digital certificates, allowing them to intercept and decrypt the TLS traffic.
the Report was prepared by the experts from the State Association scientific and applied research (CSIRO) of Australia, University of South Wales and the University of California at Berkeley (USA). “Our results show that millions of users — despite knowing most of the VPN applications promises to maintain the confidentiality, security and anonymity may not be aware of the weak security assurances and practices of abuse,” wrote the authors.
as one of the most secure VPN services were called Freedome VPN from the Finnish company F-Secure. This program, the experts say, holds promise by encrypting Internet traffic and blocks web bugs (including Google Ads, DoubleClick and comScore). License Freedome VPN to 3 devices (besides Android, the program can be run on Windows, macOS and iOS) is on sale for $ 50 per year.
Source: Ars Technica