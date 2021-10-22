The appearance of an ad looking for failures zero day (or day zero, those unknown when since the software releases) in three popular VPN services sparked an alert about the possible interest of government agencies in exploring openings in this type of platform. The order came from Zerodium, a company that works in the purchase of loopholes of this type, and is focused on the services of Surfshark, NordVPN and ExpressVPN, focusing on vulnerabilities that allow locating users.

The announcement is clear and, like so many others, it was made by Twitter. According to the post, the company is looking for openings that allow it to obtain the IP address and other information of VPN users, as well as executing codes remotely. There is no interest, according to Zerodium, in failures that allow scaling privileges on the user’s machine, indicating that the interest is in the user and not necessarily in the data stored on devices.

Taking on According to the company’s official clients, government agencies and law enforcement agencies, the most straightforward conclusion is that the openings would be used in espionage operations or investigations. Authorities who use Zerodium’s services are mainly in Europe and North America, traditionally using such openings in their operations. Despite the clarity of the request, it is clear that the cybersecurity company did not provide further details on the motives behind the search, not even leaving the Twitter post open to third-party responses.

