ExpressVPN (opens in new tab) has announced that its VPN (opens in new tab) app for Windows has been given a clean bill of health following an independent security audit conducted last year.
From November to December of last year, the cybersecurity firm F-Secure (opens in new tab) conducted a penetration test of the company's Windows client in an attempt to identify any potential security weaknesses within the app. More specifically, ExpressVPN wanted to know if an attacker could use its Windows app to execute code remotely while also ensuring that no user information was disclosed or IP addresses were leaked.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
In its security assessment (opens in new tab) of version 10 of ExpressVPN's Windows app, F-Secure reported that none of the targeted vulnerabilities were found. According to the report, it was not possible to gain information about the company's clients or out of network traffic from its app. At the same time, the app itself is not susceptible to Man-in-the-Middle (MitM (opens in new tab)) attacks, TLS downgrading, packet injection or other methods used to execute code remotely.
Of the security issues flagged by F-Secure, one was low-severity while the others were informational. No critical, high or medium issues were found and ExpressVPN has since fixed the issues raised in the firm's report. These fixes were also confirmed by F-Secure during a re-test which took place in February of this year.
More audits to come
In addition to letting companies know about potential security flaws in their software and services, VPN audits (opens in new tab) also make it easier for consumers when it comes to picking out the right VPN for their needs.
In the past, ExpressVPN has had audits conducted on its proprietary VPN protocol (opens in new tab) Lightway, its browser extensions (opens in new tab), its build verification process and its in-house technology Trusted Server by both PwC Switzerland and Cure53.
> ExpressVPN open-sources Lightway protocol and unveils security audit results (opens in new tab)
> ExpressVPN just majorly upped its bug bounty reward (opens in new tab)
> VPN audits: what do they mean and why are they important? (opens in new tab)
Head of cybersecurity at ExpressVPN, Aaron Engel provided further insight in a blog post (opens in new tab) on the recent independent security audit from F-Secure as well as the company's plans for future audits, saying:
- We've also featured the best VPN (opens in new tab) and the best proxy (opens in new tab)