© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

Security researchers discover 22 issues in Google One VPN

After conducting a security assessment of the Google One VPN service, NCC Group listed 22 issues, most of them in the Windows and iOS applications.

VPN by Google One is currently available to Google One members on Premium plans (2 TB and higher) in more than 20 countries.

Information assurance firm NCC Group conducted a security assessment of the Google One virtual private network (VPN) during the summer. In a 52-page report, it said it had made 22 initial discoveries: three were medium-severity findings, ten were rated as low-severity, and nine were described as informational observations.

“The most notable finding was related to the requirement of the Windows application to be executed with administrator privileges. While NCC Group did not find any software vulnerabilities in this application, potential insecure coding practices could result in a privilege escalation attack,” NCC said in its report.

Google fixed the issue during the retest, and now the application is executed with user privileges.

“The other two medium risk findings found were in the login process of both Windows and macOS applications, which would allow local malicious applications to deny the availability of the service, or obtain the OAuth token sent after a successful login by manipulating local ports temporarily opened by the applications during the login process,” NCC said.

None of the issues was rated as critical or high severity. However, according to the report, most of the problems still need to be resolved.

“Although no significant risks were identified in this assessment, it is recommended that the issues outlined in this report are reviewed in line with a suitably robust defense in depth approach which continuously monitors the organization’s security posture,” NCC Group said.
