Risky Behavior: VPN providers install root certificates without user consent
brooke.crothers
Wed, 04/27/2022 – 16:21

Some VPN apps automatically install self-signed trusted root certificates without informed user consent, says cybersecurity research firm AppEsteem.

“We listed them after our research showed that these apps automatically install self-signed trusted root certificates without informed user consent to avoid the risk involved.” AppEsteem said in a blog.

The problem is, if an additional root certificate is installed from a VPN provider, the certificate can pass the encryption and authenticity checks of the service you are using like Mozilla Firefox, WhatsApp, as TechRadar reports.

And that can lead to security vulnerabilities. “When you add a new trusted root certificate to your device, you enable the third-party provider to collect almost all data that’s transmitted to or from your device,” TechRadar said.

Why is a root certificate so important?

In a…



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.