Trend Micro Finds Major Flaws in HolaVPN

A popular free VPN is found to have a very high cost for users.

Dark Reading Staff, Dark Reading

December 19, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

A VPN is often touted as a basic piece of any mobile device security plan. But when the chosen VPN turns out to be not just ineffective but actively working against your security, the user is left both vulnerable and betrayed.

Researchers at Trend Micro have singled out HolaVPN, a free "community VPN," for using customer computers and devices as exit points for spam, phishing messages, and worse. The "worse" is especially important at businesses where employees have downloaded the HolaVPN software. In those cases, HolaVPN could provide a gateway into the enterprise network for malicious software of many varieties.

Community VPNs are those in which the users' computers and devices provide exit points for other users in exchange for low- or no-cost services.

Malicious file access was only part of the problem. The software for HolaVPN failed to provide encryption for users depending on the service to protect their data from theft.

Even without malware or data theft, HolaVPN users were subject to a variety of annoying and possibly misleading messages. In their research, the Trend Micro team found that 85% of the HolaVPN traffic they analyzed was concerned with mobile ads and other mobile-related domains and software.

Read more detailsĀ here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights