VPN vulnerabilities: what do they really mean and should you be worried?

By Nate Drake

Find out what VPN vulnerabilities there are and how to keep yourself more secure online.


The very best VPNs establish a secure encrypted connection between devices over networks, allowing companies and organizations to share resources securely. They were originally intended to allow employees to “dial home” to their corporate mainframe, but these days are also often used to access geo-specific services or protect people’s online privacy. You can find out more in our guide What is a VPN?

It’s easy to have a false sense of security from using a VPN, given that they use advanced encryption. Still, not all VPNs are created equal, and some, especially the less-than-stellar free VPNs, may have security vulnerabilities in their setup and implementation. You also need to have a clear idea of the limitations of what a VPN can and can’t do.

Rogue users 

Using a VPN alone won’t always protect your systems from hackers. Naturally, someone monitoring your connection won’t be able to decipher encrypted information sent over a secure VPN tunnel. Still, this won’t protect you from someone already connected to the virtual private network.

This is a particular concern if you have a large network, as by default VPNs follow an “all or nothing” model. Everyone connected can access all network resources and exploit them. You can reduce this risk somewhat by implementing “zero trust network access”, which can limit access to certain parts of your network just to those who truly need it.

Unprotected connections 

Once a secure, encrypted connection is established across your VPN, attackers will find it almost impossible to read anything meaningful from monitoring your data traffic. But what if something goes wrong at the start?

If the initial connection between your VPN client and server fails, or drops out during use, then by default many devices revert to your former unencrypted connection. If users don’t spot this in time, their data could be at risk.

Fortunately, some providers offer a VPN kill-switch that monitors when this happens. When it occurs, it simply shuts down all network access until the secure connection is established again. You can check with your VPN provider to see if they offer this service. Even if they do, it’s worth testing it whilst accessing some unimportant data to make sure it’s up to scratch. 

Protocols and patching 

VPNs originally used IPsec protocols to send and receive encrypted data. With time, VPNs shifted to using SSL/TLS to secure connections. SSL and TLS are supported natively by servers and web browsers through implementations like the OpenSSL library, making VPN products much easier to create and set up.

However, SSL and TLS can be exploited. Worse still, some of these weaknesses have carried through to VPNs that use them, particularly ones where hackers can gain access to authentication credentials like the private keys used to secure VPNs.

In 2019, researchers at the Black Hat Security conference gave a presentation on how hundreds of such vulnerabilities had been discovered in SSL VPNs along with a demonstration of how to “jailbreak” such networks. 

Unlike normal software products, it’s also not easy to install “patches” to fix such vulnerabilities, as doing so would involve shutting down the entire VPN. This would leave user data at risk.

DNS leaks 

Assuming that a user wants to use a VPN for privacy reasons, DNS leakage is a serious worry.

DNS acts as a virtual telephone directory for the internet, translating the web addresses you type into your browser into machine-readable IP (Internet Protocol) addresses.

All VPN services will establish an encrypted connection between the client and server if set up correctly. However, if the DNS ‘requests’ you make are not also managed by the VPN, then a bad actor may be able to find out which sites you visit. This is known as a DNS leak.

This can occur because your VPN service has left the default DNS servers offered by your ISP in place rather than requiring your device to use its own. But some VPN providers understand how vulnerable this can make your devices and forward all DNS requests to their own servers.

Malware and phishing 

While VPNs can establish encrypted connections between your devices, in themselves they can’t do much to protect you from malware or phishing attacks.

In simplest terms, this means if you or anyone connected to your VPN downloads malware to their device and runs it, your device will be affected in the same way as one that didn’t use a VPN.

Similarly, should a user click on a phishing link and enter sensitive data, a VPN won’t help keep this data safe. You can reduce the risk of this happening by improving all-round security: make sure your antivirus software is up to date and install malware removal software and ad blockers.  

Protect against VPN weaknesses

VPNs are not a one-stop security and privacy solution. They need to be properly set up and maintained. You also need to be aware of who else is connecting to them.

If you feel the level of trust you have to give to these people is too great, you may prefer to move to a centralized cloud-based model for people in your organization - especially if you’re still running legacy VPNs, putting you at risk. This will allow you greater control over what resources they access.

If you’re simply accessing a VPN for personal use, choose a reputable provider who regularly conducts VPN audits to protect against weaknesses like these.  


TechRadar Pro created this content as part of a paid partnership with ExpressVPN.


Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.
