Surfshark VPN rolls out updates after being dinged for risky security design

Date:

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY



Sarah Tew/CNET

Surfshark VPN said Tuesday it will soon release updates to its popular virtual private network app, after it was among the six popular VPNs dinged by AppEsteem researchers for unsound security design in an April report. Researchers revealed that the Surfshark app obtains an alarming amount of influence over a user’s device security by installing a risky piece of tech known as a Trusted Root Certificate Authority (CA) security certification. Surfshark said it will continue installing the certificates but has fixed other problems noted by AppEsteem. 

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

As reported by TechRadar, if a company’s own Trusted Root CA certificate were compromised, it could undermine all of a device’s data and communication security. AppEsteem found that Surfshark’s app installs the security certificate even when a user cancels the app’s overall installation. Surfshark previously said the certificates are necessary only for the use of its IKEv2 encryption protocol option, but the company told CNET Tuesday that it plans to remove the protocol option. 

“When using the Surfshark root certificate, customers put their trust only in a VPN provider and not a third-party agency that can be compromised,” the company said in and email. “We’ve been working on turning off the no longer popular IKEv2 protocol and focusing all our efforts on supporting Wireguard and OpenVPN protocols. This will eliminate the need to install the certificate.”

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

AppEsteem also found a number of other security and privacy concerns with the Surfshark app. Researchers found the app continued running processes in the background even after the VPN was disconnected and the app itself closed. Surfshark also left components installed on a user’s device even after the app was uninstalled. Researchers also dinged Surfshark for not providing customers enough information on how to cancel annual subscriptions, nor how customers would be notified about subscription renewal.

“As for AppEsteem’s evaluation, we’ve closely cooperated with the company in quickly fixing the highlighted issues. All of them have already been fixed, and all Windows users should soon receive an updated version of the app,” Surfshark said. 

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY

Read more: NordVPN and Surfshark are merging, continuing VPN consolidation trend

CHOOSE YOUR CHOICE GIFT CARD OFFER TODAY



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

Popular

More like this
Related

SteamOS and Steam Deck on top for Linux in the Steam Hardware Survey

The latest Steam Hardware & Software Survey is...

PayPal Cashback Mastercard review: Unlimited rewards

PayPal burst onto the...

Cybersecurity Terms You Should Know 

Information is the lifeblood of your small business....

3 Warren Buffett Stocks to Buy Hand Over Fist in October

For nearly six decades, Berkshire Hathaway (BRK.A -0.06%)...