Risky Behavior: VPN Providers Installing Root Certificates Without User Consent

April 27, 2022, 11:21 p.m. | brooke.crothers

Security Boulevard securityboulevard.com

Risky Behavior: VPN Providers Installing Root Certificates Without User Consent

brooke.crothers

Wed, 04/27/2022 - 16:21

4 views

Some VPN apps automatically install self-signed trusted root certificates without informed user consent, says cybersecurity research firm AppEsteem.

“We listed them after our research showed these apps automatically installing self-signed trusted root certificates without informed user consent for the risk that this introduced,” AppEsteem said in a blog.

The problem is, when an additional root certificate is installed by a VPN provider, …

certificates consent root vpn

Visit resource

More from securityboulevard.com / Security Boulevard

Cradlepoint Adds SASE Platform for 5G Wireless Networks 5 hours ago | securityboulevard.com

5g access cloud cloud service +28

BTS #28 – 5G Hackathons – Casey Ellis 6 hours ago | securityboulevard.com

casey ellis eclypsium enterprise hackathons +6

CCPA Compliance with Accutive Data Discovery and Masking: Understanding and protecting your sensitive data 6 hours ago | securityboulevard.com

act adm platform articles businesses +30

USENIX Security ’23 – Token Spammers, Rug Pulls, and Sniper Bots: An Analysis of the … 9 hours ago | securityboulevard.com

access analysis authors binance +21

USENIX Security ’23 – Token Spammers, Rug Pulls, and Sniper Bots: An Analysis of the … 9 hours ago | securityboulevard.com

access analysis authors binance +20

CoralRaider Group Delivers Three Infostealers via CDN Cache 9 hours ago | securityboulevard.com

cache campaign cdn cisco +33

Daniel Stori’s ‘New Job’ 11 hours ago | securityboulevard.com

daniel daniel stori humor job +6

DirectDefense Report Sees Shifts in Cyberattack Patterns 12 hours ago | securityboulevard.com

analytics & intelligence cloud security cyberattack cyberattacks +24

Secure-by-Design Software in DevSecOps 13 hours ago | securityboulevard.com

design devops devsecops expertise +11

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Audit and Compliance Technical Analyst

@ Accenture Federal Services | Washington, DC

View on infosec-jobs.com

ICS Cyber Threat Intelligence Analyst

@ STEMBoard | Arlington, Virginia, United States

View on infosec-jobs.com

Cyber Operations Analyst

@ Peraton | Arlington, VA, United States

View on infosec-jobs.com

Cybersecurity – Information System Security Officer (ISSO)

@ Boeing | USA - Annapolis Junction, MD

View on infosec-jobs.com

Network Security Engineer I - Weekday Afternoons

@ Deepwatch | Remote

View on infosec-jobs.com

View more jobs

all InfoSec news

Risky Behavior: VPN Providers Installing Root Certificates Without User Consent

More from securityboulevard.com / Security Boulevard

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Security Audit and Compliance Technical Analyst

ICS Cyber Threat Intelligence Analyst

Cyber Operations Analyst

Cybersecurity – Information System Security Officer (ISSO)

Network Security Engineer I - Weekday Afternoons