VPNs in the UAE: Are they safe to use?

Having a virtual private network (VPN) has its own set of safety risks and the UAE residents should use only trusted VPNs, experts have said. Such applications can be used to hack devices to steal login credentials or personal information.

Analysts said some VPN applications can be used for phishing attacks and that many of them are a “waste of money”.

Richard Botley, cyber resilience expert at Mimecast, said individuals in the UAE need to be aware of the security limitations offered by VPNs. They must also understand the “significant legal risks” of using them to try and access illegal or prohibited content.

ALSO READ: Don't use VPN in the UAE to spread hate and watch porn

“VPNs aren’t a silver bullet when it comes to protection from common attack techniques like ransomware, phishing or impersonation attacks sent through e-mail or social media platforms. This is why a taking a layered approach to cybersecurity — one that considers threats that come in through web, email and device security protections — is so important,” said Botley.

It is estimated that 5.58 million VPN applications worth more than Dh14 million were downloaded by the UAE residents in 2020, according to Atlas VPN.

The usage of VPN in the UAE is not illegal if it is done as per the guidelines of the government. But any misuse of the application can result in imprisonment and fines of up to Dh2 million.

DON'T MISS: These are the top 5 VPNs downloaded by residents

Abdullrazaq Zahran, security engineering manager for Middle East, Turkey and North Africa at Vectra AI, said having a VPN does not make anything safer and this is a “marketing argument” being used by VPN vendors.

“They just make a statement about the user-to-VPN server encryption. The browsing is not going to be safer at all, just that the browsing is going to be anonymised,” said Zahran.

Yossi Naar, chief visionary officer and co-founder of Cybereason, said VPNs are generally safe when using a trusted provider. However, residents must not visit “dubious websites” or open attachments in email from people they don’t know.

MUST READ: One in four UAE residents has a VPN, study shows

“From a security standpoint, VPNs can be used for phishing attacks and man-in-the-middle attacks where a hacker successfully intercepts communications between two parties and eavesdrops on the conversation and/or steals login credentials or personal information,” Naar said.

Can VPNs hack devices?

Naar said VPNs can’t be used to directly hack devices, but they can be used to facilitate attacks through misdirection, phishing attacks and man-in-the-middle attacks.

“There are examples of VPN browser extensions being known to distribute malware. The browser extension enables the individual to connect to a web browser such as Safari, Chrome or Firefox,” he said.

Abdullrazaq Zahran said VPN apps can be used to hack user’s devices.

“A VPN can be used to hack devices, as most of the times, in order to make the VPN function, you have to instal agents. At that point, it will take complete control over your network connections and do whatever it wants. Some malwares can be injected into the network by the VPN companies, but it would not be their best interest,” he said.

VPNs – a waste of money?

Zahran believes that, in general, VPNs are a waste of money and do not provide any layer of security.

“If the VPN services would have some Intrusion Prevention System (IPS) or Network Detection & Response (NDR) running, the connection would be more secure, but they do not. It does not prevent drive-by-download attacks or anything that would create security holes for people,” he added.

He said there is no way for an individual to ensure that their VPN is safe.

waheedabbas@khaleejtimes.com

• Dubai
• Abu Dhabi