Copyright Forbes
Updated November 9 with details of what a VPN is and how it actually works to sit alongside the warning from Google about malicious VPN activity, fake apps and scams. Google is on something of a security advisory blitz at the moment. From warnings that users must restart their Chrome browser following confirmation of a bunch of high-severity vulnerabilities, and another aimed at iPhone users after research suggested Android devices are safer. However, one of the most critical, in the light of the current political and technical climate, doesn’t concern hackers exploiting Android vulnerabilities or threats actors employing dangerous calendar invites in attacks, but rather the use of a VPN. Here’s what all smartphone users need to know and do. ForbesGoogle Issues New Gmail, Messages And Play Attacks Warning These VPNs Deliver Dangerous Malware Payloads, Including Password-Stealers, Google Warns As I recently reported, Laurie Richardson, Google’s vice president of trust and safety, has confirmed a number of security warnings for all smartphone users with the publication of its latest advisory. To be honest, the timing really couldn’t have been better. And I’m not referring to the fact that the advisory included seasonal shopping scams to beware of, but rather that the uptick in the use of virtual private networks following the implementation of the Online Safety Act in the U.K., and state-based legislation in the U.S., effectively makes accessing online pornography harder. Faced with stiff age-validation obstacles, many users have turned to a VPN to get them past the porn barriers, which is where the Google warning comes into play. ForbesHotels Hacker Alert Issued As ‘I Paid Twice’ Attacks Confirmed MORE FOR YOU Threat actors are, Richardson warned, disseminating “malicious applications disguised as legitimate VPN services across a wide range of platforms to compromise user security and privacy.” While enterprise users are not exempt from such deception, consumer VPN brands and consumers themselves, especially those who like to consume porn, are likely an easier target. Especially, as Google has pointed out, the threat actors will deploy social engineering campaigns that use “sexually suggestive advertising.” Install a malicious VPN app, a fake VPN service, and far from protecting your privacy, you leave yourself open to a myriad of malware and privacy threats. Sure, they might actually work and get you that access, generally very slow access indeed as they will piggy-back off of legitimate free VPN platforms, to the porn you are after, but at the same time deliver password-stealing malware and remote access trojans. These serve to “exfiltrate sensitive data such as browsing history, private messages, financial credentials and cryptocurrency wallet information,” Richardson confirmed. ForbesGemini AI Can Read Your Gmail Now, Google Says — Meh! What Is A VPN And How Does It Work? A consumer VPN is, put simply, an app that uses a platform that brings an encrypted tunnel to the connection party between your device and the site or service you are using on the internet. This VPN tunnel, according to the privacy experts at Proton, connects you first to the VPN server, which “handles all DNS queries and acts as an intermediary that sits between your device and the internet, routing your data to the correct destinations.“ This is what hides your actual IP address from the internet service provider and the website or service you are connecting to, instead showing as that of the VPN server instead. You can select from a number of different VPN servers, depending upon the platform, with some offering many individual servers in many different cities or countries around the world. It’s this ability to not only hide your IP address, but make it seem that you are connecting from a different location, that is used by VPN customers to bypass geo-location restrictions for services ranging from streaming sites to, yes, porn ones. “The most important thing to evaluate when choosing a VPN provider is whether it is trustworthy,” Proton said, echoing the Google warning; “This is crucial, as your VPN provider handles your internet connection, meaning it can see the browsing history you’re trying to keep private.” Business VPN technology works in the same way, but is employed for a different purpose than most consumer applications. They offer encrypted network connections for data transit across untrusted networks, allowing an organization that has offices in multiple remote locations to gain authenticated access to corporate systems. The U.K. National Cyber Security Centre recommends that organizations use native operating system clients where possible, stating that third-party VPN clients can increase the risk that “some data may be sent outside the VPN,” as well as increasing the risk that “some out-of-date software will be in use,” which is always a security concern. ForbesiPhone Users Warned — If You See This ‘Helpful’ Message, Do Not Reply Only Download VPNs From Official Sources, Google Warns Here’s the thing, though, consumer VPNs are not some privacy and security silver bullet. To suggest otherwise is, frankly, disingenuous. VPNs will not make you entirely anonymous online, even when hiding your IP address, because browser fingerprinting and other factors will likely come into play for the average user. VPNs are not security tools, and while some offer phishing protection and the like, they cannot replace a dedicated multi-layered defensive security strategy. Most people, most of the time, do not need to use a VPN. There, I’ve said it, and no doubt the VPN public reaction people will be emailing me within minutes. Sure, they have a use for getting around geo-location barriers, and, by implication, country-specific age restrictions, but the average user gains nothing from using one in a cafe or airport, as they are really not at risk from mythical Wi-Fi hackers in the first place. There, I’ve said that as well. If you really must use a VPN, then follow the Google security advisory recommendations to “only download VPN apps from official sources, and check for apps with the VPN badge in Google Play.” Free offers and the sideloading of untrusted apps should, of course, be avoided. As should any VPN that requests permission to access contacts or private messages.
