Deciding not to pay for a VPN and use a cracked VPN version sounds like a good idea, but they may be risks involved. In this article I’m going to dig deeper to find out more about the safety of using one and whether it is a better option instead of paying to use a VPN service.
Can a VPN be cracked? A VPN app that has been cracked will most likely be dangerous to use as it will contain malware especially spyware and viruses. Cracked VPN apps are designed by hackers to get access to computers and smartphones, so they can spy and steal important information.
Does a cracked VPN work?
A cracked VPN might work if the user account used manages to authenticate with the VPN service provider. This in itself will be a difficult task as the VPN service provider has unique user accounts with their own passwords.
The likelihood of a cracked VPN being able to authenticate with the VPN service provider is going to be remote, as these VPN providers are good at managing their user account base. For out more information about What is a VPN and how does it work?
Are cracked VPNs safe?
Cracked VPNs are not safe as they will probably have been created for more sinister purposes, such as trying to steal personal information or be used to spy on people. I would genuinely refrain anyone from using a cracked VPN and choose a paid for VPN from a reputable VPN provider.
Choosing pirated editions of VPN software might seem like a good idea but there are a number of risks in adopting this approach as this can do more damage than it is actually worth.
The most important risks of using a cracked VPN are the risk of malware and the VPN app actually not working as it should be. Let’s take a look at the potential risks involved.
Malware risks
The cracked VPN is in all likelihood has been created to spread malware that will infect your device as soon as you install the VPN. Just by installing, you give the cracked VPN privileged access to your device, allowing it to easily spread itself.
The damage malware could do is not worth taking a risk with any untrusted software, as malware can
- slow down your device
- steal your information by sending your important files and documents onwards to secret locations
- damage your files
- spy on your activity (government agencies, hackers)
- stealing your personal information including credit card details, passwords as part of identity theft
- ransomware, encrypt all the files and ask for money (bitcoin) to decrypt them
There is a lot of damage malware can do and it is simply not worth taking the risk by installing something that could easily be infected by it.
Privacy risks
The main goal of using a VPN is to protect your privacy by hiding your digital identity, your IP address and the traffic between you and the VPN. With a cracked VPN maintaining privacy simply cannot be guaranteed as the VPN application might not really work as you would expect.
So, by saving at the outset by not paying anything for the cracked VPN application might have cost implications in the longer term. Consider someone who will use this type of VPN for torrenting and they fully believe their identity is being protected.
Firstly, the VPN might not be generating a fake IP address, so this persons real IP address is going to be used every time they connect to a torrenting site.
If the VPN is not correctly encrypting connections and does not have the leak protections the main paid for VPNs have (DNS and WebRTC leak protection) then the Internet Service Provider (ISP) will be able to see all the connections being made to the torrenting site and these will be logged with the time and date these connections were made.
Knowing the real IP address and by using the ISP logs, will make it really easy for any lawyers to find out who has been torrenting their client’s copyrighted music, applications and films.
Yes, they will still need to get some sort of court order, but the damage has been done, as a trail of activity has been left, all logged with the ISP, who generally keep their logs for a year or even more.
Update issues
Even if you manage to get a cracked VPN version of the popular VPN services like ExpressVPN or NordVPN, it will only be as good as long as it works. As VPN providers are constantly updating their VPN services with improvements and bug fixes.
Without the updates the VPN itself might not be as secure as expected, I regularly check my paid for VPN’s update logs to see what has been fixed in the updates. Early on, with one of the paid VPNs I used, they had to fix a DNS leak issue that was giving away my real IP address to the websites I was visiting. It was certainly a very important fix to retain my privacy.
With cracked VPNs when the time comes to update, the update will not work and if the update is required because the VPN has stopped working, then the only option would be to pay the monthly subscription and start using a paid for VPN. Or try to find another cracked VPN and run the risk of malware and privacy issues.
Connection issues
A cracked VPN might experience a number of connection issues, including poor initial connection times, slower connection speeds, kill switch failures and the inability to connect to the VPN servers of choice.
Initial connection delays
The initial connection to set up the encrypted connections might not work as quickly as expected
Slower connection speeds
The overall connection speed might be poorer thereby any internet activity done will be a lot slower. This could be down to the VPN not having the latest updates; therefore, it is using outdated components which the VPN service may be deliberately slowing down to make sure people upgrade.
Kill switch failure
Kill switches are important privacy protection features which stop all internet activity when the VPN connection fails, thereby stopping any traffic bound for the internet until the VPN connection is back online. Without the kill switch the real IP address could be exposed to the user’s ISP and to the internet sites being visited.
A cracked VPN might not have all the privacy protection features or it might not have the updates to ensure these features work as expected, so, the kill switch might not work.
Restricted VPN server choices
The choice of VPN server might be restricted to a particular regions VPN server and this will not give the flexibility of being able to choose other regions. This choice is important, as being tied to a region which may have different privacy laws could be problematic, as there maybe some form of monitoring taking place.
Being regionally tied will make it difficult to switch regions when it comes to watching content like TV programmes in different regions.
Hacker risks
It is quite easy to set your own VPN server up in the cloud with services like Amazon Web Services, Microsoft Azure to others like Google Cloud. Now, consider a hacker who sets up their own VPN server and makes freely available VPN software set to connect to their VPN server only.
They will able to see all the traffic passing through the VPN server on its way to it’s intended connection. If the connection isn’t using HTTPS, then the hacker can see all the information passing through.
What about if the hacker creates fake websites? Even if you are connecting to websites using HTTPS, the hacker will still know what website you are connecting to, even if they cannot see what information is being sent.
They could easily set up a fake website that looks like a bank website for example and when the user enters their bank website address, the hacker can easily redirect this to their fake website.
Where the user assuming it is their bank’s website, enter their login and password information, only for this now to fall into the hacker’s hands.
This is quite easy to do when the VPN application has been cracked, as the setting for DNS, which stands for Domain Naming Service, can be hardcoded into the VPN app. DNS is important because it translates the website address into a IP address, which allows connections to be made to the web servers where the website is hosted.
A hacker with their own DNS can change the website name mapping to a different IP address of a different web server where their fake website is hosted. They may even be able to change files on your device known as host files, by adding a mapping of real bank websites with fake IP addresses, especially during the VPN installation process.
Customer Support risks
As a bona fide user of a VPN service, customer support is provided to help with any issues experienced, however, with cracked VPNs there will be no customer support, so any issues cannot be fixed by experts.
To some this might not be important and worth the risk of trying to use a cracked VPN but for me, I think it is worth paying for a VPN service to get the most value out of it.
Is a cracked VPN apk file safe?
A cracked VPN apk file is not safe and should not be used, as the protections afforded by the Google Play Store where apps are verified (malware check) won’t be available. Worst still, if there is no malware protection on the smartphone then protecting against malware infestation from the apk file will not be possible.
VPN apk files are known to be ways to spread malware especially spyware and viruses, where damage on phones that have been rooted (given privileged access) being most suspectable to the damage these VPN apk files can cause.
Before deciding to install an apk file, a virus scan can be done using antivirus applications, however there is also a way to scan apk files online using Virus Total (https://www.virustotal.com). This site uses threat intelligence from many other antivirus detection engines and other contributions to be able to perform its antivirus scanning.
I generally always check the hash of any software I download mostly for my computer, but it would still apply to any apk files downloaded. The hash is a signature, like a finger and usually the download site will display the hash.
By comparing the hash from the website with the one for the APK, it proves what is being downloaded has not been tampered with. Here’s the rub though, if you are downloading a cracked VPN, the hash displayed on the download site will probably match the one with the APK file but it still will not prove the apk file is safe, as the more than likely this file has been put up by hackers.
Can VPN encryption be cracked?
VPN encryption is pretty robust, often referred to as military grade, so cracking this might be difficult but if lower grades of encryption are used then it could be possible.
In the screenshot below, the ‘Data Encryption’ setting is the one used to encrypt the traffic between the VPN software on the device with the VPN server. A special encryption key is used to do this, which is generated each time a VPN connection is initiated from the VPN software on the device to the VPN server.
This encryption key is important, as it encrypts the data from the VPN software to the VPN server, it needs to be protected when it is sent to the VPN client software. This is where the ‘Handshake’ is done, again using a secure communication to protect the encryption key.
If a lower grade of encryption was chosen (options shown in screenshot below) then theoretically it could be possible to break the encryption.
It is important to note, a VPN is not end-to-end encryption, it only encrypts from the internet connection from your device, be it a computer, tablet or a smartphone to the VPN server. Beyond the VPN server, the connection won’t have the encryption protections offered by the VPN and will connect how it was supposed to connect if there was no VPN being used.
So if the connection was being made not using an encrypted connection, that is you were connecting to a website using http instead of https, the http connection is not encrypted and any traffic leaving the VPN server on their way to their final destination will not be encrypted, so it’s vital to make sure you only connect using https connections especially when you are sending confidential information like your personal details to a website.
Conclusion
Using a cracked VPN is not a good idea and for how little it costs for a monthly VPN subscription these days, the risks of using cracked VPN are skewed to dangerous levels.
The protections afforded to me by my paid VPN give me piece of mind, knowing my connections are always encrypted, the VPN software is not stealing any of my information or infecting my devices with malware and I also have access to support, so should the VPN have a problem, I can contact support.
I would always choose a paid for VPN over a cracked VPN. Find out more about choosing a VPN in my article What is the best VPN?
