Surfshark to Release Update After Security Flaw Call Out
Updated · Apr 20, 2022
The provider faced criticism alongside five others for an issue that can negatively impact user security.
Poor Security Design
The popular virtual private network was sounded out for reasons such as installing Trusted Root Certificate Authority security certification on its apps. It was not the only one - TurboVPN and VyprVPN are among those, that also faced criticism.
According to TechRadar, the security flaw can cause surveillance or man-in-the-middle attacks. A compromise can result in a hacker forging more certificates among other security concerns. Basically, it would put the data and communication security of the device it was installed on at risk.
AppEsteem tanked the VPN for installing the cert even when a user cancels it.
However, the provider allegedly uses its own root certificate “solely to connect to VPN servers using the IKEv2 protocol.”
Now the company says that it will remove the protocol option.
"When using the Surfshark root certificate, customers put their trust only in a VPN provider and not a third-party agency that can be compromised," Surfshark said in an email. "We've been working on turning off the no longer popular IKEv2 protocol and focusing all our efforts on supporting Wireguard and OpenVPN protocols. This will eliminate the need to install the certificate."
Daniel is an Economics grad who fell in love with tech. His love for books and reading pushed him into picking up the pen - and keyboard. Also a data analyst, he's taking that leap into data science and machine learning. When not writing or studying, chances are that you'll catch him watching football or face-deep in an epic fantasy novel.
Latest from Author
Your email address will not be published.