Millions of VPN users at risk of hacking - here's what you need to know

(Image credit: Shutterstock)

After analyzing the top free VPNs available on the Google Play Store, security researchers have discovered that several contain critical vulnerabilities.

VPNPro's investigation found that the app SuperVPN Free VPN Client, which has over 100m installs, contains critical vulnerabilities that open users of the app up to man-in-the-middle (MITM) attacks. 

By exploiting these vulnerabilities, a hacker can easily intercept all of the communications between a user and the VPN provider to find out exactly what the user is doing online.

According to VPNPro, nearly 105m users who have installed SuperVPN Free VPN Client could be at risk of having their credit card details stolen, their private photos and videos leaked or sold online or their conversations recorded. To make matters worse, of the top free VPN apps analyzed by its security researchers, 10 other apps contained similar vulnerabilities.

Free VPN apps

Besides SuperVPN Free VPN Client, the other free VPN apps that VPNPro found to have vulnerabilities include TapVPN Free VPN, Best Ultimate VPN – Fastest Secure Unlimited VPN, Korea VPN – Plugin for Open VPN, VPN Unblocker Free unlimited Best Anonymous Secure, Super VPN 2019 USA – Free VPN, Unblock Proxy VPN, Wuma VPN-Pro (Fast & Unlimited & Security), VPN Download: Top, Quick & Unblock Sites, Secure VPN – Fast VPN Free & Unlimited VPN and Power VPN Free VPN.

Cybersecurity expert at VPNPro, Jan Youngren explained to 9News that using a free VPN could actually leave users less protected than not using one at all, saying:

"(VPN users are) more willing to transmit sensitive information on VPN apps than on other apps. For a VPN app to then be so vulnerable is a betrayal of users' trust and puts them in a worse position than if they hadn't used any VPN at all."

VPNPro disclosed these vulnerabilities to the developers of all 10 affected VPN apps back in October in order to give them enough time to fix these issues. However, only one VPN app, Best Ultimate VPN, responded and patched the vulnerabilities.

  • Looking for a VPN without vulnerabilities? Check out our complete list of the best VPN services

Via 9News

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.