Amidst exploding VPN usage, here are the threats affecting VPN services

• A large number of free VPN services have been spotted with malicious behavior, especially those used in mobile devices.
• In the last one year, there have been over 480 million mobile VPN app downloads for Android and iOS.

VPNs are one of the most popular online tools when it comes to maintaining web-surfers’ privacy from prying eyes of malicious actors. With a privacy-focused VPN, the entire online traffic of an end-user goes via a proxy server, which uses an encrypted connection.

Current VPN trend

According to Global Mobile VPN Report 2019 by Top10VPN, there have been more than 480 million mobile VPN applications download from official Android and iOS app stores in the last 12 months. Notably, it is 54 percent more than the year before.

Explaining the reason behind this spike, Simon Migliano, Head of Research at Top10VPN, said, "the surge was most pronounced overall in the Asia-Pacific (APAC), a region heavily afflicted by political and social unrest in the past 12 months, where 188 million apps were downloaded, which was more than double the previous year's total."

However, the trend among businesses is unlike the mobile trends. Traditional VPNs architecture, along with the recent breaches in the VPN providers network (for example, NordVPN), has raised some serious questions on the privacy and safety of the users.

NordVPN attack

Almost a month ago, NordVPN—a renowned VPN service provider, was attacked which raised suspicion about online privacy through other VPN providers. Attackers had managed to exploit one security flaw—at a data center located in Finland—within an interface for remote management.

At the same time, TorGuard and VikingVPN were other two providers that were breached, but none of them, including NordVPN, said that any credential or browsing history was leaked.

What makes a VPN vulnerable?

Weak security protocol: Firstly, many VPN providers fail to take the user’s security and privacy seriously enough. They still use single-layer protection, such as concealing the user’s real IP address, and displaying the IP address of the private server to protect their users online. Secondly, VPN providers using a weak security protocol as their primary protection system harm users. PPTP is an example of a weak and obsolete security protocol; there’s no way to switch to other security protocol even if the connection is encrypted with a private network. This loophole can be exploited by hackers to penetrate further in the network.

Flaws in VPN clients: Despite using a reputed and reliable VPN provider, users can still get axed by security threats due to flaws in the software client provided by the vendor. Recent discoveries of flaws in enterprise VPN provided by Fortinet, Palo Alto, and Pulse Secure, have raised many red flags for organizations using such services. Whether it is consumer-grade or commercial VPN, any service can get affected by flaws in their software clients.

Unreliable VPN services: Users, generally, are unaware of what differentiates one VPN service from the other; all they want is a proxy server to get their job done. How would one know if there’s any guaranteed online protection and privacy that they need? Almost all free VPN services have been spotted with suspicious behavior, especially those used in mobile devices. Hackers are looking for such vulnerabilities to penetrate their target’s system.

Server problems: If you have used a VPN service, you know what it is going to be about. Server problems are frustrating. Server problems can range from server connection issue, a slow connection speed to server downtime, and more. All these automatically disrupt a private or secure connection, leaving the connection vulnerable to attacks. Moreover, if one eventually get connected to a desired server, the connection may not be as private as one would expect.