Six Popular VPN Services Put Users at Risk of Surveillance

According to an investigation by AppEsteem, six major VPN companies are putting their users at risk by installing root certificates that could be exploited by malicious actors to monitor user activity. The VPN services in question are Surfshark, Atlas VPN, VyprVPN, VPN Proxy Master, Sumrando VPN, and Turbo VPN.

How VPNs Are Supposed to Protect Users

VPNs (Virtual Private Networks) are designed to protect users by routing all their data through a trusted service that encrypts personal information. This encryption is meant to keep user data private and secure from third parties.

The Security Issue with Root Certificates

The investigation found that each of these VPN services installs a trusted root certification authority on users’ devices, which puts their privacy at risk. Installing trusted root certificates is not considered a good security practice. If such a certificate is compromised, an attacker could forge additional certificates, impersonate other domains, and intercept users’ communications.

This means that even if a user is using an encrypted service, both the VPN provider and cybercriminals could potentially override this encryption and intercept all transmitted data.

Response from VPN Providers

A representative from Surfshark stated that the issue has been resolved and only affected systems running Windows.