- The researchers discovered an open ElasticSearch instance containing 626 GB of VPN connection logs during a routine check-up.
- 5.7 billion entries, including user IDs, IP addresses that users connect to and from, domain names, and timestamps.
- The app requests a high number of permissions, including access to camera and audio recording, reading and modifying contacts, external storage, and installing packages.
The Cybernews research team discovered an open ElasticSearch instance that contains 626 GB of VPN logs on July 7. It was found during a routine check-up with open-source intelligence methods. It includes 5.7 billion entries, including user IDs, IP addresses that users connect to and from, domain names, and timestamps.
User IDs and IP addresses
The exposed data can be used to de-anonymize and track users. Researchers also stated that the Android app is capable of functioning as spyware and has remote code execution capabilities. Research also showed that the service runs on less secure HTTPS.
Currently, the app, named Airplane Accelerate, has approximately 3,000 reviews on the Chinese App Store. These numbers are much lower in the global version. In countries like China, people are worried about letting the regime track their internet usage, thus VPN services are more popular in general.
« This leak is significant, because the leaked data could be used to de-anonymize and track the users of this app. Analysis of the Android app also shows that it is capable of functioning as spyware, and has remote code execution capabilities. Depending on how they implemented it, it could be that the app would only encrypt web traffic, not traffic from the operating system (OS) or other apps. While Antivirus apps do not detect this app as malicious, our analysis of it raises some significant red flags.
The amount of permissions the app requests suggests that some of the information it collects was stored in a different database than the one we found. »