Recently, researchers discovered that HotSpot Shield, PureVPN, and Zenmate, three popular VPNs, have security problems that leak private information such as users' real IP addresses, affecting millions of users. Once a user's real IP address is revealed, information such as their real identity and physical address can be found.
It is understood that there are three serious vulnerabilities in the free HotSpot Shield Chrome plugin: Hijack all traffic (CVE-2018-7879), DNS leak (CVE-2018-7878), and real IP address leak (CVE-2018-7880). These three vulnerabilities have since been fixed, and the desktop and mobile versions of HotSpot Shield are not affected by them.
Details of the flaws are below:
- Hijack all traffic (CVE-2018-7879) — This vulnerability resided in Hotspot Shield’s Chrome extension and could have allowed remote hackers to hijack and redirect a victim’s web traffic to a malicious site.
- DNS leak (CVE-2018-7878) — A DNS leak flaw in Hotspot Shield exposed users’ original IP address to the DNS server, allowing ISPs to monitor and record their online activities.
- Real IP Address leak (CVE-2018-7880) — This flaw poses a privacy threat to users, since hackers can track a user’s real location and ISP. The issue occurred because the extension had a loose whitelist for “direct connection.” Researchers found that any domain with localhost, e.g., localhost.foo.bar.com, and ‘type=a1fproxyspeedtest’ in the URL bypasses the proxy and leaks the real IP address.
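
The loose "direct connection" whitelist described for CVE-2018-7880 can be illustrated with a PAC-style routing function. This is an added example, not code from the extension or from the researchers. The function names, the proxy address and the sample URLs are hypothetical, and treating the two conditions as separate substring rules is an assumption.

```javascript
// Added illustration: every name and address here is hypothetical.
const PROXY = "HTTPS proxy.example.net:443"; // placeholder VPN proxy

// Loose whitelist: substring matching, modelled on the behaviour the
// article describes (assumed here to be two independent rules).
function looseFindProxy(url, host) {
  if (host.indexOf("localhost") !== -1) return "DIRECT";
  if (url.indexOf("type=a1fproxyspeedtest") !== -1) return "DIRECT";
  return PROXY;
}

// Hardened whitelist: exact loopback names only, and nothing in the
// URL (which the remote page controls) can switch the proxy off.
const DIRECT_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
function strictFindProxy(url, host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  return DIRECT_HOSTS.has(h) ? "DIRECT" : PROXY;
}

// Constructed sample requests: [url, host]
const SAMPLES = [
  ["http://localhost/", "localhost"],
  ["http://localhost.foo.bar.com/", "localhost.foo.bar.com"],
  ["http://example.org/?type=a1fproxyspeedtest", "example.org"],
  ["http://example.org/", "example.org"],
];

// Regression check: requests the loose rule sends DIRECT (real IP
// exposed) that the strict rule keeps inside the tunnel.
function findLeaks(samples) {
  return samples
    .filter(([url, host]) =>
      looseFindProxy(url, host) === "DIRECT" &&
      strictFindProxy(url, host) !== "DIRECT")
    .map(([url]) => url);
}

console.log(findLeaks(SAMPLES));
```
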