Using the Hola VPN to watch Netflix from other countries for free might seem like a great idea, but research has discovered some dire security vulnerabilities.
For as long as Netflix has been available in the UK many people I know have tossed around the idea of using Hola, a free plugin that allows you to essentially trick your Internet browser to believe you’re browsing the web in another country. Seems pretty harmless, right? But according to “Adois-Hola” it’s not as innocent as it seems.
In short, using the Hola VPN, you’re essentially turning your computer into an exit node. This is because Hola isn’t just tricking your browser into thinking you’re from another country, your Internet browsing is actually in another country. This is due to the Peer-to-Peer nature of Hola.
For example: If you want to watch Netflix US and you’re from the UK, Hola will be basically pushing your browsing through someone else’s computer who is also using Hola. The exact same thing could be done to your computer.
This would mostly be fine if Hola limited its usage to Netflix and other streaming services alone, but it doesn’t. What this means is that anyone with Hola activated, could be using your Internet connection to do very illegal activities which would be traced back to you.
If that wasn’t bad enough, some users can even gain access to your computer through such a service:
And on some systems, it gets worse; Hola will happily run whatever you feed it as the ‘SYSTEM’ user. What this means in simple terms, is that somebody can completely compromise your system, beyond any repair. It allows for installing things like a rootkit, for example.
This problem is not just an ‘oversight’. It’s not a thing where you say ‘well, bugs can happen’. This kind of security issue can only happen if a developer is either grossly incompetent, or simply doesn’t care about the security of their users. It’s negligence, plain and simple, and there’s no excuse for it.
No make matters worse, Hola are also selling access to your computer through a site called Luminati from $1.45 to $20 per GB. This service allows anyone, even those not a part of the Hola network to use yours any many others’ Internet connection to use in DDoS attacks and many other things.
Adios-Hola are encouraging users to uninstall Hola as soon as possible but of course, the risk of using such a service is entirely down to you. Cases in which something malicious or potentially illegal could happen to you if you use this service, it also may not happen.
To see if you’ve been affected with any of the vulnerabilities and to read more about the findings you can head on over to the Adios-Hola website.