Surfshark VPN Plans Updates After Being Dinged for Risky Security Design

Date:

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY



Sarah Tew/CNET

Surfshark VPN said Tuesday it will soon release updates to its popular virtual private network app, after it was among six popular VPNs dinged by AppEsteem researchers for unsound security design in an April report.

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

Researchers revealed that the Surfshark app obtains an alarming amount of influence over a user’s device security by installing a risky piece of tech known as a Trusted Root Certificate Authority security certification. Surfshark said it will continue installing the certificates but has fixed other problems noted by AppEsteem. 

As reported by TechRadar, if a company’s own Trusted Root CA certificate were compromised, it could undermine all of a device’s data and communication security. AppEsteem found that Surfshark’s app installs the security certificate even when a user cancels the app’s overall installation. Surfshark previously said the certificates are necessary only for the use of its IKEv2 encryption protocol option, but the company told CNET Tuesday that it plans to remove the protocol option. 

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

“When using the Surfshark root certificate, customers put their trust only in a VPN provider and not a third-party agency that can be compromised,” the company said in and email. “We’ve been working on turning off the no longer popular IKEv2 protocol and focusing all our efforts on supporting Wireguard and OpenVPN protocols. This will eliminate the need to install the certificate.”

AppEsteem also found a number of other security and privacy concerns with the Surfshark app. Researchers found the app continued running processes in the background even after the VPN was disconnected and the app itself closed. Surfshark also left components installed on a user’s device after the app was uninstalled. Researchers also dinged Surfshark for not providing customers enough information on how to cancel annual subscriptions or how customers would be notified about subscription renewal.

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

“As for AppEsteem’s evaluation, we’ve closely cooperated with the company in quickly fixing the highlighted issues. All of them have already been fixed, and all Windows users should soon receive an updated version of the app,” Surfshark said. 

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

Read more: NordVPN and Surfshark are merging, continuing VPN consolidation trend



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

Popular

More like this
Related

A guide to VPN troubleshooting: fix all your VPN problems

The best VPN services run smoothly in the...

Private Internet Access (PIA) VPN review

Private Internet Access (also called PIA) is an...

Shopee layoffs: Tech redundancies necessary for industry

CNA – Tech companies have slashed jobs this...