Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass, is facing scrutiny after the discovery of severe memory protection vulnerabilities in its products.
Despite having established itself as a trusted name for safeguarding user data, these flaws could expose sensitive personal information, including encrypted VPN traffic and credit card details, to malicious actors.
Memory Exploits in Proton Pass
Proton Pass, a password manager trusted by millions, has been found to carry significant weaknesses in its memory management system.
These vulnerabilities potentially allow attackers to extract unencrypted credit card data stored in memory.
Cybercriminals commonly use memory-scraping malware, such as Fin7 POS and TinyPOS, to target applications and retrieve sensitive information.
Proton Pass lacks adequate defenses against such threats, leaving its users exposed to potential financial risks.
A proof of concept (PoC) demonstrated the feasibility of extracting sensitive data, including credit card numbers, directly from Proton Pass memory using common tools like Cheat Engine.
Despite Proton’s claim that accessing memory requires administrative privileges, researchers provided evidence contradicting this assertion.
Static Private Keys Enable Traffic Decryption
Proton VPN, a trusted virtual private network for privacy-conscious users, has also come under fire for its handling of encryption keys.
The service utilizes the WireGuard protocol for securing connections but fails to adequately protect private and public keys within its memory.
Researchers at Venak Security identified that Proton VPN employs static values for private key generation, which can be extracted by attackers.
This flaw could enable sophisticated man-in-the-middle (MITM) attacks, allowing state actors or cybercriminals to intercept and decrypt users’ VPN traffic.
Screenshots and decompiled code were shared as part of the researchers’ PoC, supporting claims that Proton VPN traffic and DNS queries could be sniffed and decrypted from memory.
The disclosure of these vulnerabilities highlights significant concerns regarding Proton’s ability to safeguard its users’ data.
Memory protection mechanisms are a critical component of cybersecurity, especially for services that handle sensitive information. Without immediate remediation, users of Proton VPN and Proton Pass remain at risk from memory-based attacks targeting unprotected data.
Proton has the opportunity to address these flaws by enhancing its memory management practices and implementing safeguards to prevent unauthorized access to sensitive data.
Until such measures are in place, users are advised to exercise caution and consider alternative solutions for password management and VPN services.
Are you from SOC/DFIR Teams? –Â Analyse Malware Files & Links with ANY.RUN Sandox ->Â Try for Free
