Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass, is facing scrutiny after the discovery of severe memory protection vulnerabilities in its products.
Despite having established itself as a trusted name for safeguarding user data, these flaws could expose sensitive personal information, including encrypted VPN traffic and credit card details, to malicious actors.
Proton Pass, a password manager trusted by millions, has been found to carry significant weaknesses in its memory management system.
These vulnerabilities potentially allow attackers to extract unencrypted credit card data stored in memory.
Cybercriminals commonly use memory-scraping malware, such as Fin7 POS and TinyPOS, to target applications and retrieve sensitive information.
Proton Pass lacks adequate defenses against such threats, leaving its users exposed to potential financial risks.
A proof of concept (PoC) demonstrated the feasibility of extracting sensitive data, including credit card numbers, directly from Proton Pass memory using common tools like Cheat Engine.
Despite Proton’s claim that accessing memory requires administrative privileges, researchers provided evidence contradicting this assertion.
Proton VPN, a trusted virtual private network for privacy-conscious users, has also come under fire for its handling of encryption keys.
The service utilizes the WireGuard protocol for securing connections but fails to adequately protect private and public keys within its memory.
Researchers at Venak Security identified that Proton VPN employs static values for private key generation, which can be extracted by attackers.
This flaw could enable sophisticated man-in-the-middle (MITM) attacks, allowing state actors or cybercriminals to intercept and decrypt users’ VPN traffic.
Screenshots and decompiled code were shared as part of the researchers’ PoC, supporting claims that Proton VPN traffic and DNS queries could be sniffed and decrypted from memory.
The disclosure of these vulnerabilities highlights significant concerns regarding Proton’s ability to safeguard its users’ data.
Memory protection mechanisms are a critical component of cybersecurity, especially for services that handle sensitive information. Without immediate remediation, users of Proton VPN and Proton Pass remain at risk from memory-based attacks targeting unprotected data.
Proton has the opportunity to address these flaws by enhancing its memory management practices and implementing safeguards to prevent unauthorized access to sensitive data.
Until such measures are in place, users are advised to exercise caution and consider alternative solutions for password management and VPN services.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…
Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog, a…