To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

Want to watch US Netflix? Avoid Hola, warn researchers


Hola could let others use your internet connection or install malicious software on your PC, researchers claim

A popular service that allows Brits to access the US version of Netflix could be leaving your PC open to attack, according to a group of security researchers. Hola, which is available as a plugin for all of the leading browsers, could be used to download files on your PC or run malicious software without your permission, the researchers claim. 

The researchers have set up a website called Adios, Hola! which outlines the flaws in the software and lets users see if their system is vulnerable. They claim the software has been deliberately engineered to let third parties take control of users’ PCs.

Hola is a ‘peer-to-peer’ VPN,” the site explains. “This may sound nice, but what it actually means is that other people browse the web through your internet connection. Perhaps that doesn’t seem bad to you. However, imagine that somebody uploaded child pornography through your connection, for example. To everybody else, it seems as if it was your computer that did it, and you can’t really prove otherwise.”

Hola doesn’t only allow others to hijack your web connection, it also lets them install software, which could potentially be used for malicious attacks. The site’s operators demonstrated this with a harmless exploit that opened the Calculator app on Hola users’ PCs, before Hola’s operators closed the facility. However, the security researchers claim programs can still be executed remotely using another method.

The researchers claim these security holes are deliberately built into the software because Hola’s makers sell access to the peer-to-peer network via another service, called Luminati. “This problem is not just an ‘oversight’,” the researchers write. “It’s not a thing where you say ‘well, bugs can happen’. This kind of security issue can only happen if a developer is either grossly incompetent, or simply doesn’t care about the security of their users. It’s negligence, plain and simple, and there’s no excuse for it.” 

We were unable to reach the makers of Hola for comment, although it appears the Hola plugins for Chrome and Firefox have been withdrawn from the relevant stores. The Adios, Hola! site includes full instructions for removing the Hola software, which requires much more than simply disabling the extension.  


Read more