Weaker Encryption & Handshakes
The two most concerning VPNs in terms of encryption were HTTP Injector and Phone Guardian.
HTTP Injector functioned unreliably, sometimes changing my IP address and sometimes not.
In the screenshot I’ve shared below, you can see how the HTTP Injector app also repeatedly attempted to initiate the VPN tunnel using the outdated and insecure TLSv1 before switching to TLSv1.3.
TLSv1 dates back to 1999 and was formally deprecated in 2021.
Note that the SNI can be obfuscated in the app UI, with facebook.com as the default app setting.
Screenshot of the attempted use of TLSv1 by HTTP Injector VPN Android app.
Phone Guardian advertises itself as a VPN but it doesn’t really behave like one.
It neither hid nor changed my IP address, nor did it encrypt the majority of my internet traffic.
Instead, Phone Guardian only encrypts HTTP sites when you connect to untrusted WiFi networks.
Unfortunately, this means the details of any HTTPS websites you visit remain exposed via DNS lookups and SNI in HTTPS handshakes.
While Phone Guardian works as intended, it’s very easy to be misled into believing you are being protected in the same way as a normal VPN.
More broadly, I found that at least 35 VPNs encrypted traffic using algorithms that, while neither insecure nor “broken”, could be considered sub-optimal as they were 128-bit rather than the stronger 256-bit encryption.
I found something similar with the implementation of PRF (Pseudo-Random Function) in the cipher suite of 11 VPNs. These VPNs used AES-128-CBC for PRF rather than the stronger HMAC-SHA2-256.
I also identified 16 VPNs that always used TLSv1.2 as the handshake protocol, plus another 2 VPNs that used it some of the time.
While use of TLSv1.2 remains acceptable, especially if it is manually configured to remove support for vulnerable cipher suites, this version of the protocol is nearing the end of its life and has been superseded by the faster and more secure TLSv1.3.
Given how free VPNs are often used to hide sensitive internet activity in high-censorship regions, it’s disappointing to see so many that fail to adopt the most secure forms of encryption.
Most problematic however were the four VPNs that I found using SSLv2 as the handshake protocol to establish a VPN tunnel.
This obsolete protocol is almost 30 years old and was quickly superseded by SSLv3 and since then by the various versions of TLS.
The four VPNs using this vulnerable protocol were:
- Thunder VPN
com.fast.free.unblock.thunder.vpn - Tomato VPN
com.ironmeta.security.turbo.proxy.vpntomato.pro - Urban VPN
com.urbanvpn.android - VPN Ukraine
vpn.ukraine_tap2free
I identified two other VPN apps using SSLv2, albeit in a different and unusual manner.
After establishing a VPN tunnel using TLS, I observed the following apps make additional connections to VPN servers on different IPs to the tunnel endpoint using the obsolete protocol.
- “VPN – fast secure vpn proxy”
com.optimizer.booster.fast.speedy.phone.smooth - VPN Monster
free.vpn.unblock.proxy.vpnmonster
I observed the apps sending and receiving hundreds of packets over these insecure connections.
