You Say Hola? I Say Goodbye

They’ve been a mainstay of the browsers of many since 2008, but this week the folks behind the popular Hola Better Internet VPN extension have come under heavy fire as allegations have surfaced that users of their service are placing themselves at an extreme risk. A risk of what, I hear you tentatively ask? A risk of having malicious code executed on their machines by less-than-savory individuals, that’s what.

For the less tech-savvy among you, Hola acts as a VPN that routs your web traffic through somebody else’s connection to effectively mask your activity. This approach to providing you with an IP from another country to bypass geoblocks is different than that from other VPN providers that rout your traffic securely through dedicated VPN servers in other countries. The plugin rose to prominence as a simple way for those without the requisite knowledge to bypass location-based content restrictions – accessing the Netflix library of another country by tricking it into, for example.

A hole(-a) in your security

So why, then, after seven years occupying a comfortable position in the various extension stores (Hola is available for all major browsers as well as for Android and iOS devices), are their Israeli-based founders receiving such a backlash? Well, that’s thanks in no small part to the work of “Adios, Hola“, a relatively small group of internet security experts who seized the initiative to bring attention to what is actually a pretty serious security flaw that anyone using the extension is exposing themselves to.

To put it bluntly, if you’re using Hola, you’re putting your privacy and security in legitimate danger. How legitimate? Well, the team behind Adios Hola say that the way the extension handles your connection could not only enables your activity to be tracked, but could potentially allow malicious code to be executed remotely on your machine with as little as one misplaced click.

They demonstrated the exploit by placing a link on their site that, when clicked, opened up the calculator application on the user’s computer. A pretty harmless example, sure, but one that carries serious implications. All it would take is for the user to stop paying attention for a micro-second and then that’s it – somebody thousands of miles away could have control of your machine.

Despite repeated assertions from Hola that there is no way such a scenario could ever actually arise, both us here and Adios Hola! advise you to proceed with extreme caution. If you’re worried about your privacy and your computer’s security, which you should, then it’s highly recommended to only use a reliable VPN provider that routs your traffic through secured VPN servers.