Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass, is facing scrutiny after the discovery of severe memory protection vulnerabilities in its products.
Despite having established itself as a trusted name for safeguarding user data, these flaws could expose sensitive personal information, including encrypted VPN traffic and credit card details, to malicious actors.
Proton Pass, a password manager trusted by millions, has been found to carry significant weaknesses in its memory management system.
These vulnerabilities potentially allow attackers to extract unencrypted credit card data stored in memory.
Cybercriminals commonly use memory-scraping malware, such as Fin7 POS and TinyPOS, to target applications and retrieve sensitive information.
Proton Pass lacks adequate defenses against such threats, leaving its users exposed to potential financial risks.
A proof of concept (PoC) demonstrated the feasibility of extracting sensitive data, including credit card numbers, directly from Proton Pass memory using common tools like Cheat Engine.
Despite Proton’s claim that accessing memory requires administrative privileges, researchers provided evidence contradicting this assertion.
Proton VPN, a trusted virtual private network for privacy-conscious users, has also come under fire for its handling of encryption keys.
The service utilizes the WireGuard protocol for securing connections but fails to adequately protect private and public keys within its memory.
Researchers at Venak Security identified that Proton VPN employs static values for private key generation, which can be extracted by attackers.
This flaw could enable sophisticated man-in-the-middle (MITM) attacks, allowing state actors or cybercriminals to intercept and decrypt users’ VPN traffic.
Screenshots and decompiled code were shared as part of the researchers’ PoC, supporting claims that Proton VPN traffic and DNS queries could be sniffed and decrypted from memory.
The disclosure of these vulnerabilities highlights significant concerns regarding Proton’s ability to safeguard its users’ data.
Memory protection mechanisms are a critical component of cybersecurity, especially for services that handle sensitive information. Without immediate remediation, users of Proton VPN and Proton Pass remain at risk from memory-based attacks targeting unprotected data.
Proton has the opportunity to address these flaws by enhancing its memory management practices and implementing safeguards to prevent unauthorized access to sensitive data.
Until such measures are in place, users are advised to exercise caution and consider alternative solutions for password management and VPN services.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its…
Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several…
A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including…
The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware…
Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity…
A newly identified advanced persistent threat (APT) campaign, dubbed "Swan Vector" by Seqrite Labs, has…
