امکان ردیابی کاربران با فیلترشکن معروف Hotspot Shield

اپلیکیشن‌هایVPN گوناگونی در سراسر جهان وجود دارند که نقش فیلترشکن را برعهده دارند و کاربران در برخی از کشورها که محدودیت‌های بیشتری بر محتوای موجود بر فضای مجازی اعمال کرده‌اند، به منظور دور زدن فیلترینگ، دسترسی به محتوای موردنظر و جلوگیری از ردیابی و ردگیری شدن توسط اپراتورهای مخابراتی و رگولاتوری‌ها از آنها استفاده می‌کنند.

یکی از پژوهشگران فعال در زمینه امنیت سایبری می‌گوید به تازگی یک روزنه و حفره امنیتی را در اپلیکیشن وی پی ان معروف به هات اسپات شیلد (Hotspot Shield) کشف کرده است که امکان دستیابی به موقعیت مکانی و آدرس آی پی اتصال به اینترنت و ردیابی کاربران را به اپراتورهای مخابراتی و دستگاه‌های مربوطه می‌دهد.

اپلیکیشن VPN Hotspot Shield که توسط شرکت AnchorFree توسعه داده شده است، بالغ بر ۵۰۰ میلیون کاربر در سراسر جهان را تحت پوشش گسترده خود قرار داده و همواره به کاربرانش این اطمینان را داده است تا از محفوظ ماندن موقعیت مکانی خود و عدم ردیابی آنها توسط نهادهای دولتی کشورشان مطمئن بوده و با خیال آسوده به گشت‌وگذارهای اینترنتی خود ادامه دهند و به محتوای مورد نظر دسترسی یابند.

این وی پی ان که دارای دو نسخه رایگان و غیررایگان است؛ همواره مدعی بوده است که با بهره‌گیری از سیستم رمزگذاری نسبتا پیشرفته، کلیه ترافیک مصرفی کاربران را رمزگذاری کرده و به آنها امکان وب‌گردی در شبکه ناشناسی را می‌دهد که از طریق یک تونل مجازی میان کاربر و گذرگاه اینترنت بوجود آمده و بسیار امن و غیر قابل نفوذ است.

حالا با کشف چنین روزنه و ضعف امنیتی در نرم‌افزار هات اپات شیلد، تمامی این اطمینان خاطرها به هاله‌ای از شک و تردید کشانده شده است به گونه‌ای که دیگر نمی‌توان گفت ترافیک مصرفی کاربران غیرقابل ردیابی و شناسایی است و اپراتورهای مخابراتی و نهادهای دولتی این امکان را دارند تا با استفاده از این آسیب‌پذیری و روزنه امنیتی به موقعیت مکانی و آدرس IP دقیق و درست کاربران پی ببرند.

A flaw in Hotspot Shield can expose VPN users, locations

The virtual private network says it provides a way to browse the web “anonymously and privately,” but a security researcher has released code that could identify users’ names and locations.
A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy.
Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user’s internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits.
ut an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user’s Wi-Fi network name, if connected.

That information leak can be used to narrow down users and their location by correlating Wi-Fi network name with public and readily available data.

“By disclosing information such as Wi-Fi name, an attacker can easily narrow down or pinpoint where the victim is located,” said Paulos Yibelo, who found the bug. Combined with knowing the user’s country, “you can narrow down a list of places where your victim is located,” he said.

ZDNet was able to independently verify Yibelo’s findings by using his proof-of-concept code to reveal a user’s Wi-Fi network. We tested on several machines and different networks, all with the same result.
VPNs are popular for activists or dissidents in parts of the world where internet access is restricted because of censorship, or heavily monitored by the state, as these services mask a user’s IP addresses that can be used to pinpoint a person’s real-world location.

Being able to identify a Hotspot Shield user in an authoritarian state could them at risk.

The vulnerability is found in the web server (hosted on port 895) that Hotspot Shield installs on the user’s computer. The proof-of-concept code, just a few lines long, calls from a JavaScript file hosted on the web server to return several sensitive values and configuration data.

He told ZDNet that the code only took him a few seconds to write.

Although the proof-of-concept code only returned the values to the user, he said that the code could be easily adapted to collect and store the user’s information, such as from a booby-trapped website.

Yibelo said he was able in limited circumstances to obtain real IP addresses of a user, but that the results were mixed. ZDNet did not see real IP addresses in our tests. For its part, AnchorFree strenuously denied that real IP addresses were exposed, contrary to Yibelo’s claim.
We have reviewed and tested the researcher’s report,” said AnchorFree’s Tim Tsoriev. “We have found that this vulnerability does not leak the user’s real IP address or any personal information, but may expose some generic information such as the user’s country.”

“We are committed to the safety and security of our users, and will provide an update this week that will completely remove the component capable of leaking even generic information,” he added.

Yibelo made details of the vulnerability and proof-of-concept code public on Monday after not receiving a response from AnchorFree in December. Yibelo later submitted the bug through a bounty offered by Beyond Security, a cybersecurity firm, which also didn’t hear back from the company.

It’s not the first time Hotspot Shield has been embroiled in controversy.

Last year, a Washington DC-based privacy group accused the company in a filing with the Federal Trade Commission of violating its “anonymous browsing” promise, by intercepting and redirecting web traffic to partner websites, including advertising companies.

AnchorFree rebuffed the claims as “unfounded.”