SECURITY
SECURITY
SECURITY
HolaVPN is a massive security risk, security researchers warn
Cybersecurity firm Trend Micro Inc. today warned users of popular free virtual private network provider HolaVPN to stop using the service because it presents a range of highly unacceptable security risks.
Founded in 2007, HolaVPN pitches itself as a “community” peer-to-peer VPN service in which its users act as exit points for other users.
It’s difficult to estimate just how many users it has, but the Android app for the service alone has more than 10 million downloads and a million reviews. Some sites suggest it may have fewer than 10 million users, but others suggest that it has 175 million or more users worldwide.
In any case, every one of its users is at risk, according to the Trend Micro security researchers. The data sent over HolaVPN is said to be unencrypted, meaning it can be easily intercepted. Worse yet, HolaVPN makes its money selling access to its VPN network, meaning that users could and have seen their computers and phones used in botnet and spam campaigns.
In addition to privacy and malware risks, HolaVPN users were also found to be subjected to a variety of annoying and possibly misleading messages inserted by Luminati, the services’ parent company.
“Trend Micro’s decision to flag up HolaVPN as malware on its antivirus software is a step in the right direction for consumers,” Ray Walsh, a data privacy expert at BestVPN.com, told SiliconANGLE. “The risks posed by HolaVPN for its subscribers are severe, which is why HolaVPN is rightly considered the most dangerous VPN in the world.”
That lack of encryption, he added, means consumers have a false sense of security. “Privacy with HolaVPN is basically nonexistent, which means that consumers are getting none of the benefits that a VPN is supposed to provide,” he said. “What’s more, by permitting fellow HolaVPN users to connect to their computer, subscribers are potentially opening their IP address to use by cybercriminals, hackers and much worse.”
Walsh noted that the privacy policy says HolaVPN sells people’s data and browsing habits to outside companies, including frequently passing their email addresses to advertisers and to Luminati. “Furthermore, Hola was found to be fraudulently stealing and reselling user bandwidth, basically turning HolaVPN users computers into a botnet,” he said. “And, in addition to a complete lack of encryption, Hola was found to have both DNS and WebRTC leaks — further destroying its purpose as a privacy service.”
Image: Hola
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
