Two different cybersecurity firms, Cure53 and F-Secure respectively, were called to check all its desktop applications for any vulnerabilities. Specifically, Cure53 performed penetration tests and source code audits of its macOS and Linux apps. F-Secure carried on similar checks on the most recent version (v12) of its Windows client.
Despite finding some minor bugs, all the reports conclude that ExpressVPN is a safe choice to secure your most sensitive data against any cybersecurity threats.
And as part of our uncompromising approach to your digital privacy and security needs, we've done not one but three successful external audits to back our security claims.Why three?...November 9, 2022
'No major issues and strong impressions gained'
"As a result of the absence of major issues and strong impressions gained during the audit, Cure53 can only confirm that the ExpressVPN team instills due diligence in its efforts against the many and varying threats that modern VPN applications tend to face," concluded the auditing firm, praising the access and collaboration grant from the provider during the process.
As mentioned before, Cure53 performed white-box testing on ExpressVPN's macOS and Linux apps between June and July 2022. These were aimed to check if users' privacy is secured at all times.
In both cases, auditors could find only a handful of minor vulnerabilities with very little risk for users' data.
Specifically, the macOS app review revealed only two minor security risks and four possible improvements. Check the full report results here.
Likewise, the audit of its Linux apps uncovered two security vulnerabilities and three general weaknesses with lower exploitation potential.
"It needs to be stated clearly that this list of issues is very short, pointing to the overall good outcome of this testing round," wrote Cure53.
At the same time, ExpressVPN developers claimed that these bugs have since then been reviewed.
After asking F-Secure to check the previous app's version, the secure VPN provider decided to call the firm for another review on its latest Windows v12 in March.
Here, a mix of white-box and grey-box tests couldn't identify any security weaknesses. Only a non-exploitable informational issue was found, but it has already been fixed and retested as solved a month later. Check the final report for more details.
"These audits are a testament to the efforts we put into improving and securing our product, and we’re glad to receive the validation from Cure53 and F-Secure," said ExpressVPN penetration testing manager Brian Schirmacher.
"We’re committed to delivering audits on our mobile apps soon, and will continue to ensure privacy and security at every touchpoint of our product."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to email@example.com