US security agency urges Android and iPhone users to stop using personal VPNs
- CISA warned that personal VPNs can increase a user’s “attack surface”
- The advice is part of a broader alert about sophisticated spyware
- Dodgy VPNs, especially free apps, may collect data or inject malware
The US’s top cybersecurity agency has issued a stark warning in its latest missive: “Do not use a personal VPN.”
The advice comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has cautioned iPhone and Android users that many commercial VPN services may do more harm than good. According to CISA, “personal VPNs simply shift residual risks from the internet service provider (ISP) to the VPN provider, often increasing the attack surface.”
The warning suggests that while a VPN can shield your activity from your ISP, you are placing your trust in the VPN provider, many of which “have questionable security and privacy policies.” This is a significant statement from a federal agency, suggesting a foundational risk in how many commercial VPNs operate.
The alert is part of a wider effort to combat the rise of advanced commercial spyware. Security agencies are increasingly concerned about malicious actors using sophisticated tools to infiltrate smartphones, and a fraudulent VPN app is an ideal Trojan horse.
As a recent Google security alert also highlighted, threat actors are adept at distributing malicious apps disguised as legitimate VPN services to compromise user security and steal everything from browsing history to financial credentials.
These warnings are particularly pertinent given the surge in VPN usage to bypass geo-restrictions or in response to new legislative measures such as age verification laws. However, as CISA’s advice implies, the rush for a quick privacy fix can lead users to download dubious apps that are, at best, ineffective and, at worst, outright spyware.
How to choose a secure and private VPN
CISA’s blanket warning suggests that all VPNs are untrustworthy, but the core of the issue lies with questionable providers.
The best VPN services are transparent, audited, and committed to user privacy. To stay safe, you should look for a provider with a strict and independently verified no-logs policy, ensuring they don’t collect or store any data about your online activities.
Furthermore, robust VPN protocols such as OpenVPN and WireGuard form the backbone of secure VPN connections, encrypting your online traffic so that it remains private and protected from interception. These protocols use advanced cryptographic techniques to shield your data from hackers, ISPs, and government surveillance, making it extremely difficult for third parties to decipher your communications.
When selecting a VPN, it’s also recommended to look for additional security-oriented features that strengthen your online protection.
One such option is a kill switch, which automatically blocks your internet access if the VPN connection unexpectedly drops. This prevents your IP address and sensitive data from being exposed outside the encrypted tunnel, a common risk if the safeguard isn’t in place.
Other valuable features might include DNS leak protection, multi-hop connections that route traffic through multiple servers, and perfect forward secrecy (PFS), which changes encryption keys frequently to minimize data exposure.
For those seeking the most private VPNs, the key is to choose a reputable provider that prioritizes user security above all else. TechRadar’s top-rated VPN, NordVPN, for example, offers a suite of advanced features and is currently running an exclusive discount for TechRadar readers, making it an excellent choice for those looking to bolster their online security without falling victim to the pitfalls CISA has warned about.