On many of our pages and public statements, we talk about steps that we take to increase the security of our VPN network. One of the features that we often mention is our use of "bare-metal" or dedicated servers only. This means that the servers that our VPN network operates on only have a single operating system installed, the one that is managing the VPN server.
By contrast, many other VPN providers use virtualization, such as cloud instances or virtual private servers (VPS). In that setup a hypervisor runs multiple operating systems at the same time on one physical machine. The idea behind virtualization is that servers are often underutilized: letting multiple customers share the same machine, supposedly securely, lets a hosting company fit more customers onto each machine and earn more revenue from it. VPN providers use virtual machines to save money.
The problem is the assumption that this can be done securely.
Hypervisors, like all other complex code, have security vulnerabilities. Such vulnerabilities can be used to manipulate data or log activity without the guest OS being aware of it. Popular hypervisors such as Xen, vSphere, and Hyper-V have all had serious security vulnerabilities in the past few years.
Here are some recent examples:
Xen, 11 June 2015: http://xenbits.xen.org/xsa/advisory-136.html (Privilege escalation)
Xen, 13 May 2015: http://xenbits.xen.org/xsa/advisory-133.html (Privilege escalation)
vSphere, 2 April 2015: http://www.vmware.com/security/advisories/VMSA-2015-0003.html (Secure Information Disclosure)
vSphere, 22 October 2014: http://www.vmware.com/security/advisories/VMSA-2014-0011.html (Secure Information Disclosure)
Hyper-V, 14 April 2015: https://technet.microsoft.com/library/security/ms15-042 (Denial of Service)
Hyper-V, 12 November 2013: http://www.cvedetails.com/cve/CVE-2013-3898/ (Total Information Disclosure)
The other assumption is that the host is not malicious. If you are leasing virtual servers, someone else manages the host's hypervisor and can manipulate data, log activity directly, or otherwise compromise the security of the virtual machine without the VPN provider being aware. This is crucial because a compromise of software that lies below the operating system would not be detected by the security tools installed in the OS. A malicious actor at the host would not need credentials to tamper with a virtual VPN server; they already have root access to everything.
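One practical check that follows from this: a customer, or a provider's own auditors, can verify whether a Linux server really runs on bare metal by looking for the traces a hypervisor leaves inside the guest, namely the CPUID "hypervisor" flag the kernel exports in /proc/cpuinfo and the SMBIOS/DMI vendor and product strings under /sys/class/dmi/id. The script below is an added example, not code from the original post or from the provider; it assumes a Linux host with those files present, the function names classify_virt and detect_local_virt are this example's own, and the sample inputs are constructed rather than captured from any real server.

```shell
#!/bin/sh
# Added example (not from the original post): look for the traces a hypervisor
# leaves inside a Linux guest and report "virtualized" or "bare-metal".
# Function names (classify_virt, detect_local_virt) are this example's own.

# classify_virt FLAGS SYS_VENDOR PRODUCT_NAME
#   FLAGS        the "flags" line of /proc/cpuinfo (space-separated CPUID flags)
#   SYS_VENDOR   contents of /sys/class/dmi/id/sys_vendor
#   PRODUCT_NAME contents of /sys/class/dmi/id/product_name
# Prints a one-line verdict and returns 0 so callers can capture it with $(...).
classify_virt() {
    flags="$1"; vendor="$2"; product="$3"

    # Signal 1: a hypervisor sets CPUID leaf 1 ECX bit 31, which the Linux
    # kernel exports as the "hypervisor" flag. Pad with spaces so the match
    # is on the whole word only.
    case " $flags " in
        *" hypervisor "*)
            echo "virtualized (cpuid hypervisor flag)"
            return 0 ;;
    esac

    # Signal 2: DMI vendor/product strings that common hypervisors present to
    # their guests. "Microsoft Corporation" alone is not enough (Surface
    # hardware uses it too); Hyper-V additionally sets the product name to
    # "Virtual Machine", so both are required for that case.
    case "$vendor / $product" in
        *QEMU*|*KVM*|*Bochs*|*VMware*|*VirtualBox*|*innotek*|*Xen*|*Parallels*|*"Google Compute Engine"*|*"Microsoft Corporation"*"Virtual Machine"*)
            echo "virtualized (dmi: $vendor / $product)"
            return 0 ;;
    esac

    # No signal found. This means "no hypervisor announced itself", not proof
    # of bare metal: a hostile host can mask the CPUID bit and forge the DMI
    # strings, which is exactly the malicious-host problem described above.
    echo "bare-metal (no hypervisor signals)"
    return 0
}

# detect_local_virt: run the classification against the machine this runs on.
# Missing files (e.g. no DMI on some platforms) simply yield empty strings.
detect_local_virt() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2-) || true
    vendor=$(cat /sys/class/dmi/id/sys_vendor 2>/dev/null) || true
    product=$(cat /sys/class/dmi/id/product_name 2>/dev/null) || true
    classify_virt "$flags" "$vendor" "$product"
}

# Constructed sample inputs (not captured from any real server) showing the
# three outcomes, followed by the live check on this machine.
echo "sample KVM guest:    $(classify_virt "fpu vme de pse hypervisor lahf_lm" "QEMU" "Standard PC (Q35 + ICH9, 2009)")"
echo "sample masked guest: $(classify_virt "fpu vme de pse lahf_lm" "QEMU" "Standard PC (Q35 + ICH9, 2009)")"
echo "sample bare metal:   $(classify_virt "fpu vme de pse lahf_lm" "Supermicro" "X11SSH-F")"
echo "this machine:        $(detect_local_virt)"
```

Run it as root or as any user that can read /proc/cpuinfo and /sys/class/dmi/id (both are world-readable on most distributions). Read the verdict with the post's own argument in mind: a "virtualized" result is reliable evidence that a provider's bare-metal claim is false, but a "bare-metal" result only shows that no hypervisor announced itself. A host operator who controls the hypervisor can hide the CPUID bit and rewrite the DMI tables, so from inside the guest this check can confirm a cooperative setup but cannot disprove a concealing one.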
No security-focused VPN service should be using virtual machines on its VPN network.