NordVPN and ProtonVPN obliged to push updates to patch new CVEs
» Top 10 Multimedia Laptops
» Top 10 Budget Multimedia Laptops
» Top 10 Gaming Laptops
» Top 10 Budget Gaming Notebooks
» Top 10 Lightweight Gaming Laptops
» Top 10 Business Laptops
» Top 10 Budget Office Laptops
» Top 10 Workstation Laptops
» Top 10 Subnotebooks
» Top 10 Ultrabooks
» Top 10 Chromebooks
» Best Laptop Displays
» Best Laptops for University Students
» Top alternatives to the Apple MacBook Pro 13
» Top alternatives to the Apple MacBook Pro 15
» Top alternatives to the MacBook 12/Air
» Top 10 Laptops for Picture and Video Editing
If you are reading this on a Windows PC on which either NordVPN or ProtonVPN are running, then you may need to check that this service is fully updated. This is because both providers have been hit by one new common vulnerability or exposure (CVE) each. These flaws, discovered by Cisco Talos researchers, could allow a hacker to gain control over the app and, potentially, sensitive information sent using it.
Many people use virtual private networks (VPNs) for privacy and security online, and also perhaps to bypass georestrictions in some cases. Therefore, it would be ironic in the extreme if such an application was subject to hacking. NordVPN, a popular provider based in Panama, is affected by CVE-2018-4010. ProtonVPN, which has been set up by a group connected to MIT, has become associated with CVE-2018-3952.
Despite the fact that the two CVEs has been given different designations, they both basically do the same thing. It involves exploiting a similarity in the interfaces of the two services that may replace an OpenVPN configuration file that is activated by clicking 'Connect'. A replacement file with the right content could then hijack the VPN app to gain access to valuable information, or to hi-jack control of the interface.
On the other hand, NordVPN claims that, in the case of their interface at least, this hack requires direct access to a potential victim's computer. ProtonVPN has also asserted that CVE-2018-3952 requires additional, preliminary hacking steps for it to be exploited.
Representatives from both VPN providers have confirmed that their latest updates contain patches for the relevant CVE. Hopefully, this is the last we hear of compromized or hackable VPNs.