The entire purpose of using a VPN is to keep the user’s internet activity private and the user anonymous. So it certainly defeats the purpose when a security flaw is found in a popular VPN app that can expose user data as well as locations. One such information disclosure flaw has been discovered in AnchorFree’s Hotspot Shield VPN app, which is used by an estimated 500 million people across the globe.
VPN services route the user’s internet traffic through their own encrypted servers, which makes it difficult to pick out individual users and eavesdrop on traffic. Many rely on these services for just that reason, particularly those based in countries where the government puts restrictions on the internet to suit its own objectives.
Paulos Yibelo found the bug, which leaks user data such as the name of the country where the user is located and, if connected, the name of the Wi-Fi network. This information can be used to narrow down users by correlating the Wi-Fi network’s name with data that’s available to the public.
ZDNet reports that, using Yibelo’s proof-of-concept code, it is indeed possible to reveal a Hotspot Shield user’s Wi-Fi network even when they’re connected to the VPN service. They tested it on multiple machines and different networks and were able to reproduce the findings every time.