Free VPN users at risk of blackmail, cyber experts warn
Some web services are set up with malicious intent
UAE residents who use free VPNs could leave themselves wide open to blackmailers, experts have warned.
Security firms said unscrupulous companies offering the service could potentially track which sites users were browsing and identify any illegal activity.
The use of VPNs in the Emirates is not in itself against the law, but accessing certain content and websites from the country can be.
Experts suggested free VPN services may be less secure and more susceptible to hacking, potentially increasing users’ risk.
“The doomsday scenario is they [hackers] will be using your data to find out what you have been doing and use it as leverage for blackmail,” said Matt Walmsley, director for Europe and the MENA region at technology firm Vectra.
The doomsday scenario is they will be using your data to find out what you have been doing and use it to blackmail you
“What if you were using it to look at content that some would feel is inappropriate?
“They could use any behaviour or activity you want to remain anonymous as leverage.”
VPNs, or virtual private networks, typically enable users to send and receive data across public networks as if their computer was connected to a private system.
The technology was initially developed to help employees who were working remotely continue to be able to access their office applications and resources.
Today, however, the service is also commonly used internationally to circumvent regional restrictions on certain content or websites.
By connecting to the internet via a server based in a different country, users can access sites that may be blocked in their home country.
In an interview with The National, Mr Walmsley said blackmail over VPN use might not necessarily take the form of a demand for money.
He said in some instances, weak encryption could mean hackers were able to gain access to company websites and systems.
“If you are using a free VPN, you have to ask who is operating it and what services are they providing,” he said.
“It would be prudent to check out the company supplying the free VPN and take a look at how their services are funded.
“It’s certainly not the case all free VPNs are bad, but you have to be informed about who has access to your information.”
One telltale sign that a VPN should be avoided is if it asks for permission to gain access apps on your mobile phone, Mr Walmsley said.
“It’s particularly risky on mobile phones because you could end up giving them access to all your apps.
“You have to ask yourself why they would be requesting access to your apps.”
Brian Chappell, director of product management at tech company BeyondTrust, who works with UAE firms, also questioned the benefits of using a free VPN in the region.
“You are leaving yourself open to exploitation,” he said.
“There is the risk you will be giving someone the opportunity to view all your data unencrypted. You don’t know where your data is going to go or what it could be used for – so why take that risk?”
Garreth Scott, the managing director of Dubai tech company Credence Security also urged caution. He said criminal activity could take many forms, from selling hacked data to embedding malicious codes into a private network.
“At the end of the day using a VPN doesn’t mean you are completely safe,” he said.
“There are many free VPNs out there that are legitimate, but there are also plenty that aren’t and have been set up with malicious intentions.”
Updated: March 15, 2020 08:28 AM