Cristian Randieri* believes many free VPN tools contain malware that cybercriminals could use to steal people’s data, gain unauthorized access to their data or machine, or launch a cyber-attack.
An issue that, due to the special conditions of Iranian users, apparently has no solution and they try to bypass filtering by using multiple free VPN at the same time. Although we has repeatedly warned that the devices of the victimes of insecure VPN will become “zombies” and misuses for internal and external cyber attacks, But it is the responsibility of the relevant and responsible organizations in this field to deal with these problems.
We had an interview with »Cristian Randieri« about types of possible threats in VPNs.
by Farahnaz Sepehri
Firs of all how secure do you think VPNs can be?
The question of how secure VPN services typically depend on the VPN being used. Generally speaking, a VPN from a reliable provider will encrypt the user’s data and online browsing history to shield them from hackers and ISPs. Not all VPN services are created equal. So, choosing the right option for your personal or business needs is crucial. When selecting a VPN to use, I suggest evaluating a few key factors to keep in mind: how it is reliable and fast and if it is a good value for the money.
A trusted VPN should include robust security features like IP address encryption and two-factor authentication. Sadly, some companies will claim that their product is a VPN, but these services ultimately do not have the encryption capabilities that VPNs are known for. Before you subscribe to a service or purchase a subscription, it is always advisable to research to ensure that your data will be effectively protected.
It is also essential to consider how quickly it is because an inevitable part of VPN usage is that your Internet speed could visibly suffer. Indeed, sending your data over a VPN server adds a stage to your online browsing experience. If speed is a significant concern, consider testing your Internet speed and how it is affected by various VPNs that provide free trials.
To understand if your choice of VPN is a good value for the money paid, check how reviewers and customers feel. Discover the popularity or relevance of a VPN before using it. Some services are highly recommended as they work well and have extensive experience protecting client information without security breaches.
In conclusion, it is essentialto consider what you want and need for a VPN service and ensure that the service provider you are installing checks everything on your list. You want to avoid paying for a sub-category commodity.
-Do you have statistics about VPNs insecurity?
The best VPNs are secure, which certainly adds an online security layer. However, a VPN can only protect from some potential cyber threats, so even if they are competent, this should not be where your online security measures stop. It’s not only the VPN you use those matters, but how, when and where you use it that can make a difference.
Indeed, there are no official statistics on VPNs’ insecurity, and it seems obvious why. We can therefore talk about VPN usage security. It depends on which provider protects personal information online, provides transparent privacy policies, corrects data breaches, and does not track its users.
However, I can say that many free VPN tools contain malware that cybercriminals could use to steal people’s data, gain unauthorized access to their data or machine, or launch a cyber-attack. A research report from the ICSI Networking and Security Group revealed that 38% of the 283 Android VPN apps reviewed contained malware. Generally, the best VPN tool or application contains features like Internet Protocol (IP) address leak prevention, No information logging, VPN kill switch and a Multi-factor authentication (MFA).
-What points should be considered for safe use of a VPN?
VPNs can be an efficient way to provide remote access to a network. But VPN connections can be misused to access a network without relying on malware and secret communication channels. Thus, it is crucial to identify the security controls that must be considered during implementing VPN connections.
The most crucial point to consider for securing a VPN is the efficient recording and analysis of VPN connections. Effective logging is essential to the accounting of activities performed on a network, as it also provides a central repository of information in case of attempted compromise or success. Efficient log scanning helps to locate malicious and unauthorized activity quickly. It is vital to ensure that the VPN login information that needs to be recorded includes: Authentication Information, Session Information, Completed Activities, and Remote Host Information.
In other words, any certificate information is provided when a VPN connection is made using a certificate, VPN user account credentials, information about the remote host and the time of any failed authentication attempts.
But also, the time it takes to establish a VPN connection, the time it takes to connect and the amount of data transferred; The activities conducted by VPN users, particularly those related to sensitive resources, all remote host identification information such as OS, IP address, MAC address and hostname.
-Some countries like Iran have filtered the Internet and its limitations have made people switch to VPN. In your opinion, considering the insecurities that VPN can create, how can it affect the work and education or country’s economy?
I believe that communication in globalization is paramount because people from different countries, ethnicities, languages, cultural attitudes and other variations need to understand,for example, that the ability to communicate with people inside and outside your country is a crucial characteristic of successful entrepreneurs in global trade.
However, for countries like Iran that have filtered the Internet, there are several problems, concerns and vulnerabilities related to the deployment of VPN services. To protect the security of your network, it is essential to understand these common problems associated with VPNs. VPNs are not secure because they can expose entire networks to malicious software, DDoS attacks and spoofing attacks. Once an attacker has penetrated the network through a compromised device, the whole network can be shot down.
Generally, while using VPN software increases security over an unencrypted connection, connection speeds and application performance may decrease due to several factors. For instance, the time required to provide and test the VPN usually involves other services such as computer support. This has to happen before access to an application or a server can be tested. This two-stage process slows things down and often involves staff unfamiliar with the application or the use of vendors to gain access in the first place.
This results in lengthy delays in hiring Supplier Support Technicians, which also affects the productivity of your workforce and the quality of customer service.
– Using VPN for children means unlimited access to Internet. How parents can manage or restrict VPN usage for children.
First, we need to know that parental control software commonly used to block or restrict content, websites and applications that refuse access are based on the user’s IP address. When you access the Internet via a VPN, your filters have a different IP address and, therefore, cannot enforce the rules. This means that your child can use a VPN to easily override the settings you have in place to prevent them from accessing content or restricted platforms. Similarly, students can circumvent their school’s Internet restrictions by accessing blocked websites containing inappropriate content or consuming the network’s full bandwidth.
If you know what a VPN is and how it works, your knowledge can help protect your children online and in the real world. As parents, we should establish rules and expectations on how to use technology that we believe are in our children’s best interests.
If using a VPN makes it more difficult for you to keep your children safer, you can make a technology agreement to forbid them from using one, along with other rules that work for your family.
You can also monitor their online activities with specific software to get alerts to potential problems like cyberbullying, sexting, suicidal thoughts, threats of violence, and more.
– VPN is a mouse and cat play between governments and VPN developers. Therefore we witness a daily challenge, what is the future of this game or war?
This game will only stop if governments are much more open to globalization.Otherwise, while the government is finding new ways to detect and block VPN traffic, providers are finding new ways to hide VPN traffic and finish blocks. There is no evidence that either party has a decisive advantage.So, this will be “an ongoing cat-and-mouse or whack-of-the-mole game,”
*About Cristian Randieri,
The brief his experience:
NASA Postdoctoral Program (NPP) Reviewer at USRA (Universities Space Research Association). Professor & Scientist at eCampus University and EU External Expert. Also he has PhD in Engineering in Computer Science and Telecommunications.