Can a VPN get Hacked? Understanding How VPN Encryption Works
Last Updated by Brittany Hall on June 29, 2019
VPNs are highly encrypted, great for bypassing geo-blocks and added security, but are they susceptible to hacks?
A Virtual Private Network (VPN) is without doubt the most effective way of protecting your privacy while giving you added security online. Its ability to bypass geo-restrictions and afford you complete anonymity online is all thanks to its advanced encryption protocols.
To explain how VPN encryption works, we’ll start with the protocol. A VPN protocol is a set of rules for data encryption and transmission. The majority of providers allow users to choose from a number of VPN protocols.
OpenVPN (SSL/TLS), Internet Protocol Security (IPSec), Layer Two Tunnelling Protocol (L2TP), and Point to Point Tunnelling Protocol (PPTP) are all popular VPN protocols.
To better understand how a VPN is able to protect your online privacy, we must take a deeper look at the science behind encryption.
Encryption transforms your plaintext, or readable, data into ciphertext, making it unreadable by anyone who may try to intercept it, such as hackers or government authorities.
How the processes of encryption and decryption take place within these protocols is dictated by a cipher or algorithm. These algorithms are designed to obscure any data transferred over the internet, ensuring your online activities remain confidential.
Each protocol has its own strengths and weaknesses that depend on which encryption algorithm is used within it. Users can sometimes choose the cipher used for their VPN connection. These ciphers or algorithms are based on one of three different types of encryption: symmetric, asymmetric, and hashing.
With symmetric encryption, one key is used to encrypt, or lock, and another key is used to decrypt, or unlock, the data. A key is like a secret password to the encryption. Compared to asymmetric encryption, symmetric encryption is a bit easier to break, is less complex, and has faster speeds.
Symmetric is used for bulk encryption, so basically everything. It offers confidentiality in terms of security and has good scalability. One key is shared between multiple groups, and key exchange requires a secure mechanism for sending and receiving encryption keys.
Examples of symmetric encryption include AES, DES, IDEA, RC6, and Blowfish.
Two keys are used for asymmetric encryption, one key for encrypting and one for decrypting. Asymmetric encryption is more difficult to crack; however, it is more complex than symmetric encryption, which makes it slower.
Asymmetric encryption is really only used for digital signatures and key distribution. One party holds the private key, while the other holds the public key.
The public key is made available to everyone, and the private key is instead kept a secret by the owner. Asymmetric offers security such as confidentiality, non-repudiation, and authentication, as well as better scalability than symmetric encryption.
Asymmetric encryption is also a popular algorithm for several VPN protocols, including OpenVPN, IPsec, and HTTPS.
Hashing is an irreversible, one-way method of encryption that is used mostly to ensure the integrity of data transferred. Hashing encryption is used by the majority of VPN protocols to verify message authenticity over the VPN connection.
Examples of hashing include SHA-1, SHA-2, and MD5. However, SHA-1 and MD5 are no longer considered secure.
Can a VPN Be Hacked?
While VPNs are still pretty much the most effective way of ensuring your privacy online, it’s worth noting that they still have a small chance of being hacked.
If hackers want to break into a connection on a VPN server they will have to take advantage of any known vulnerabilities to break the VPN’s encryption, or steal the key by some less than ethical means.
Hackers can also use cryptographic attacks to recover the plaintext from the encrypted versions if they don’t have the key. Doing this, however, is a time-consuming and computationally demanding task. Decoding encryption protocols can take years to achieve.
The majority of hacking efforts typically involve hackers stealing VPN keys, as it is much easier than having to decode the encryption of the VPN connection.
The success hackers have with stealing keys is a result of a mix of technical trickery, backdoor persuasion, cheating, computing power, and other methods. However, the math that supports the encryption is computationally complex and extremely strong.
Information discovered by security researchers and whistleblower Edward Snowden showed that the NSA cracked the encryption behind a massive amount of online traffic, including VPNs.
The Snowden documents reveal that the decryption infrastructure the NSA used for VPNs involved intercepting some of the encrypted data passing through the internet and passing that data on to extremely powerful computers. These computers then returned the key.
Research was also presented by Nadia Heninger and Alex Halderman, two security researchers, that suggested the NSA developed an ability to decrypt a rather large amount of VPN, SSH, and HTTPS traffic through an attack called Logjam on the Diffie-Hellman algorithm.
You Should Still Use a VPN
While government spy agencies may be able to exploit any weaknesses in a VPN, as well as other encryption protocols, you should still use a VPN service for your online activities.
While hackers or government entities could break the encryption used by VPN providers, it would take a lot of time, money and effort, too much to target any ordinary individual.
“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
How to Protect Yourself from Being Hacked
In general, try to avoid VPN services based primarily on the SHA-1 or MD5 hashing encryption algorithms. Look for VPNs that support the OpenVPN protocol, which is considered to be one of the most secure available, or the SHA-2 hashing algorithm.
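One way to apply this advice, and the earlier point about hashing being used for message authenticity, to an OpenVPN profile a provider hands you (an added example, not part of the original article): the script reads the `auth` digest directive and flags SHA-1 or MD5. It goes slightly beyond the text by also flagging Blowfish and DES cipher names; the sample profile, its hostname and the function name `audit_ovpn` are constructed for illustration.

```python
# Added example: audit an OpenVPN client profile for weak digest/cipher names.
WEAK_DIGESTS = {"MD5", "SHA1"}          # called out on this page as insecure
WEAK_CIPHER_PREFIXES = ("BF-", "DES-")  # assumption beyond the page: Blowfish/DES
CIPHER_KEYS = {"cipher", "data-ciphers", "ncp-ciphers"}

# Constructed sample profile; hostname and values are illustrative only.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.com 1194
cipher BF-CBC
data-ciphers AES-256-GCM:AES-128-GCM:DES-EDE3-CBC
auth SHA1
<ca>
(certificate data omitted)
</ca>
"""

def audit_ovpn(text):
    """Return (line_number, directive, value) for each weak setting found."""
    findings, seen_auth, in_inline = [], False, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("<"):
            # <ca>, <cert>, <key> ... open an inline block; </...> closes it
            in_inline = not line.startswith("</")
            continue
        if in_inline or not line or line[0] in "#;":
            continue  # skip embedded key material, blanks and comments
        parts = line.split()
        key, args = parts[0], parts[1:]
        if key == "auth" and args:
            seen_auth = True
            if args[0].upper() in WEAK_DIGESTS:
                findings.append((lineno, key, args[0]))
        elif key in CIPHER_KEYS and args:
            for name in args[0].split(":"):
                if name.upper().startswith(WEAK_CIPHER_PREFIXES):
                    findings.append((lineno, key, name))
    if not seen_auth:
        # OpenVPN's documented default for --auth is SHA1 when unset
        findings.append((0, "auth", "unset"))
    return findings

if __name__ == "__main__":
    for lineno, key, value in audit_ovpn(SAMPLE_OVPN):
        print(f"line {lineno}: {key} {value}")
```

A profile that sets `auth SHA256` and an AES-GCM cipher returns an empty list; a finding with line number 0 means the profile never sets `auth` at all.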
- 2,000+ servers in over 94 countries
- 30-day money-back guarantee
- 5 simultaneous connections
ExpressVPN is one of the best VPN providers on the market today, making it a great choice for anyone wanting to protect themselves from hackers.
It offers a 30-day no-fuss money-back guarantee, a user-friendly app, and 24/7 support. It is also well known for providing extremely fast speeds.
- Over 4,889 servers
- 24/7 customer support
- Up to 6 simultaneous connections
NordVPN increases their number of servers seemingly almost every day, offering possibly the largest network of servers available.
NordVPN allows for up to six simultaneous connections on one account, and works on a wide variety of operating systems and devices.
While VPNs can theoretically be hacked, it is extremely difficult to do so. There is an extremely low chance of you being hacked while using a VPN, and it is better to use one than not at all.