Virtual Private Network (VPN) servers that were running OpenVPN were confiscated in Ukraine recently and turned out to be unencrypted, the privacy tools firm Windscribe admitted.
ArsTechnica reported that Windscribe was not able to encrypt its VPN servers in Ukraine. Thus, the authorities in the region freely impersonated the servers, which eventually led to capturing and decrypting the traffic that was using the system.
It is worth noting that Windscribe wrote on its blog that two of its servers were seized by Ukrainian authorities as they were undergoing an investigation of an incident that happened in 2020.
VPN Servers Confiscated in Ukraine
The Ontario, Canada-based privacy company revealed that their monitoring system only knew about the incident on the Ukraine servers on June 24.
It turned out that the hosting provider already knew about the seizure of the VPN servers during the preliminary hearing, which happened early this year.
However, Windscribe said that the hosting provider did not inform them about the decision of the authorities, adding that the privacy-tools firm stands that their servers were uncompromised even before the confiscation.
The company further noted that the disk of the seized servers used an OpenVPN server certificate, along with a private key. But it also admitted that the servers in Ukraine that centered the investigation were actually running a legacy stack instead of encryption.
Windscribe went on to assure that they are already addressing this problem.
Unencrypted VPN Servers
That said, Arstechnica suggested in the same report that such an incident raised the possibility that the plethora of VPN services out there carries the same risk.
The outlet further noted that failing to encrypt the servers goes away with the standard industry practices, adding that it forgoes any security guarantee for the users.
The privacy-tools firm assured that its VPN services are undergoing an overhaul, which focuses on improving its security.
One of the moves that the company did moving forward involved replacing OpenVPN with a counterpart that, Windscribe said, "follows industry best practices."
Furthermore, the company said that it also decided to transition the entirety of its servers as in-memory, which means that it will no longer have a hard disk backup.
As such, the data will only be stored in RAM. Thus, it could no longer be available once the serves have been turned off.
Aside from that, Windsribe also introduced new features for its services, such as an option to replace the IP address without the need to disconnect, the ability to request for a static and specific IP, as well as a client side R.O.B.E.R.T rules that are not stored in any database.
Elsewhere, a study showed that 79 out of 250 VPN apps in the Google Play Store were actually leaking the data of its users. And a hacker used another VPN service to get hold of thousands of confidential information.
This article is owned by Tech Times
Written by Teejay Boris