Hola CEO channels Steve Jobs with robust defence of company

A day after his company was accused of leaving users’ computers wide open to attack, Hola’s CEO has compared himself to Steve Jobs in a public defence of his company’s service. Hola is widely used to subvert the region controls on Netflix, allowing British users to access the wider range of content available on Netflix US, for example. However, researchers discovered gaping holes in Hola’s security which could allow hackers to take control of users’ machines. 

The researchers claimed that flaws in Hola’s VPN software could potentially allow paedophiles to upload child abuse images using a Hola user’s connection, or let hackers run malicious software on their machines without their knowledge. “This kind of security issue can only happen if a developer is either grossly incompetent, or simply doesn’t care about the security of their users,” the security researchers wrote on a site exposing the flaws. “It’s negligence, plain and simple, and there’s no excuse for it.” 

In a blog post posted on Hola’s website, the CEO defends his company against accusations of carelessness, openly comparing his company to Apple. The top of the blog post contains a photo of Steve Jobs, alongside the quote: “Sometimes when you innovate, you make mistakes. It is best to admit them quickly, and get on with improving your other innovations.”

Ofer Vilenski goes on to deliver an impassioned defence of his company, saying the firm had endured a “difficult” week. “There have been some terrible accusations against Hola which we feel are unjustified,” Vilenski writes. “We innovated quickly, but it looks like Steve Jobs was right. We made some mistakes, and now we’re going to fix them, fast.”

Vilenski says Hola has closed the security holes in its products and will be appointing a chief security officer in the coming weeks. He admits the Hola software left users’ systems vulnerable to attack, but claims his company’s “mistakes” are no worse than those of other industry giants. “Part of the growing pains of creating a new service can be vulnerability to attack. It has happened to everyone (Apple iCloud, Snapchat, Skype, Sony, Evernote, Microsoft), and now, to Hola,” he writes.

“Two vulnerabilities were found in our product this past week. This means that there was a risk of a hacker being able to operate remote code on some devices that Hola is installed on. The hackers who identified these issues did their job, and we did our job by fixing them.”

Vilenski says Hola has also updated its website to make it clear that users are sharing their computing resources with Hola’s commercial partners. “We assumed that by stating that Hola is a P2P network, it was clear that people were sharing their bandwidth with the community network in return for their free service,” he writes. “After all, people have been doing that for years with services like Skype. It was not clear to all our users, and we want it to be completely clear.” The CEO claims users sacrifice on average 6MB of data per day by being part of the Hola P2P network.