DBSA:2015-0003

From Digibase Knowledge Base
Revision as of 15:42, 31 May 2015 by Kradorex Xeron (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Hola VPN Considered Malicious

Keywords: Hola, VPN, malicious, network, connectivity, botnet, malware

DBSA ID: 2015-0003

Regarding: Hola VPN Considered Malicious

Writeup: Kradorex Xeron (talk) 15:22, 31 May 2015 (EDT)

Date: 2015 05 31

Last Modified: 20150531154237 by Kradorex Xeron

Who should take note: Everyone (especially all Hola VPN users and prospective users)

Classification

Priority: HIGH

Rationale: Users need to act to protect their computer systems.

Severity: HIGH

Rationale: Users may be subject to illegal activities being conducted over their Internet connection.

Spread of Issue: MULTI-PLATFORM HIGH

Rationale: The service website is claiming "47 million" users, thus it is estimated that number are effected by this advisory.

Description

Hola is a VPN (Virtual Private Network) service that claims that it provides users the ability to connect and access geographically-locked services and further claims to enhance privacy. The service operates on a peer to peer (p2p) model by establishing a mesh network between users where third parties may use a user's Internet connection to gain access into countries where content is accessible.

It has been identified that users of the free version are unable to opt-out of contributing their connections potentially to illegal activities without paying for the premium version. It has also been more critically identified that the software has multiple exploits and bad security implementations that may result in the network being used like a botnet where malicious parties can directly run software including malicious code on users' machines with the credentials of the operating system itself. This has the potential for 1) malware to be installed in a way to deny access to the administrative user who may attempt to remove that software without advanced techniques and 2) for private user data to be copied and transmitted to malicious parties.

The vendor has attempted to subvert online scanners to inform individuals if they are vulnerable or not, but has failed to address the issues with the vulnerabilities.

Mitigation/Solution

It is strongly advised to immediately cease usage of Hola and to uninstall the Hola programs, any browser extensions or related components and to scan with anti-malware/anti-virus software after uninstallation and to monitor one's system for undesired operation. It may be optionally advisable to use software like Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html) to conduct the uninstallation to monitor for leftovers.

References