Don’t Monkey Around With Big Mama VPN, It Can Turn You Into A Proxy For Hackers
Beware Free VPN Apps!
There is a game on the Meta virtual reality headset called Gorilla Tag, which you may or may not have heard of, but apparently it is very popular. What is also popular is using a VPN while playing the game to produce just enough lag to give you an advantage over your opponents. Why lag makes you better is not the interesting thing though, it is the free VPN being used to generate the lag which is. Big Mama VPN is a free Android app which happens to work with the Meta headset and it seems to be the go to app for fans of Gorilla Tag, however there is something about that app users may not be paying attention to.
When you sign up to use the app, buried in the terms and agreements, is that you consent to allow Big Mama VPN to sell access to your 4G and home Wi-Fi IP addresses for a price. The app does function as a VPN but the second use is to allow anyone who pays Big Mama to use your IP as a proxy address for whatever they want. The terms of that part of the business suggest the IP address could be used for “ad verification, buying online tickets, price comparison, web scraping, SEO, and a host of other use cases.” It can, and apparently has, be used for more nefarious purposes, it is perfectly build to use your IP address in DDoS attacks or to obfuscate a hacker’s actual IP address when they try to break into remote systems.
Remember, if the app is free it means you are the product and this is a perfect example of that truism.
"The free VPN app that the video tutorials point to, Big Mama VPN, is also selling access to its users’ home internet connections—with buyers essentially piggybacking on the VR headset’s IP address to hide their own online activity.
More Tech News From Around The Web
- Congress Funds Removal of Chinese Telecom Gear as Feds Probe Home Router Risks @ Slashdot
- Windows 11 24H2 upgrades blocked on some PCs due to audio issues @ Bleeping Computer
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 @ Bleeping Computer
- Microsoft coughs up yet more Windows 11 24H2 headaches @ The Register
- Krispy Kreme breach, data theft claimed by Play ransomware gang @ Bleeping Computer
- Japanese Firm’s USB-C Cable Rotates 360 Degrees @ Slashdot
- Sophos Firewall vulnerable to critical remote code execution flaw @ Bleeping Computer
- Fortinet warns of FortiWLM bug giving hackers admin privileges @ Bleeping Computer
- The AI war between Google and OpenAI has never been more heated @ Ars Technica
- Million GPU clusters, gigawatts of power – the scale of AI defies logic @ The Register
- Generative AI has an electronic waste problem, researchers warn @ PhysicsWorld
- CXL is Finally Coming in 2025 @ ServeTheHome
- Home Assistant’s Voice Preview Edition is a little box with big privacy powers @ Ars Technica
- The Hasivo S600WP-5XGT-1SX-SE Might Be The Best 6-port 10GbE Switch with PoE @ ServeTheHome