VPN service Hola takes measures against misuse of the network

Spread the love

The VPN service Hola, which was discredited last week because it sells bandwidth to users, says it has taken measures to prevent criminals from misusing the service. According to security researchers, Hola is still unsafe.

Hola CEO Ofer Vilenski admitted in a post on Hola’s website that the fact that users share bandwidth with others was not made clear enough on the website. It has now been adjusted. The Hola user bandwidth that the company sells through its subsidiary Luminati is being used for “legitimate commercial purposes,” Vilenski said. He states that the company can always check what companies send via Luminati, so that the service would not be attractive to criminals.

The company is said to have analyzed a spam attack on 8chan, which revealed that the site is selling bandwidth from users. An attacker had used Luminati to bombard the internet forum with a ddos ​​attack, which traced 8chan to a ‘botnet’ of Hola users. Hola says it is taking measures to ensure that such abuse does not occur again, and is willing to cooperate in an investigation into the incident. A chief security officer is due to be appointed soon, while the company is also undergoing a security audit.

According to a group of security researchers who published their own findings about Hola on the website Adios Hola, Vilenski’s answer is incomplete and incorrect on certain points. They claim that Hola has absolutely no way of finding out what companies are doing on the Luminati platform, based on chats with the company’s sales associates. In addition, users also share bandwidth with each other, which is inherent in the peer-to-peer service model. Therefore, according to the researchers, users run the risk of a malicious other user misusing their Internet connection for criminal purposes.

The researchers write that the Hola software also contains major security vulnerabilities. For example, they demonstrate an exploit on their website that allows anyone to remotely install malware and even rootkits when using Hola. While Vilenski claims that two vulnerabilities have since been patched, the researchers say that the patch does not fix the problems, but only masks them, and that there are four other serious vulnerabilities in the software.

Hola is a free service that allows users to redirect their internet traffic; it is available as a Firefox and Chrome extension, among others. Unlike other VPN services, where internet traffic is forwarded via a central server, websites are retrieved via other users of Hola. In this way, for example, geo-blocks can be circumvented.

You might also like
Exit mobile version