From November to December of past year, the cybersecurity steadfast F-Secure conducted a penetration trial of the company's Windows lawsuit successful an effort to place immoderate imaginable information weaknesses wrong the app. More specifically, ExpressVPN wanted to cognize if an attacker could usage its Windows app to execute codification remotely portion besides ensuring that nary idiosyncratic accusation was disclosed oregon IP addresses were leaked.
In its security assessment of mentation 10 of ExpressVPN's Windows app, F-Secure reported that nary of the targeted vulnerabilities were found. According to the report, it was not imaginable to summation accusation astir the company's clients oregon retired of web postulation from its app. At the aforesaid time, the app itself is not susceptible to Man-in-the-Middle (MitM) attacks, TLS downgrading, packet injection oregon different methods utilized to execute codification remotely.
Of the information issues flagged by F-Secure, 1 was low-severity portion the others were informational. No critical, precocious oregon mean issues were recovered and ExpressVPN has since fixed the issues raised successful the firm's report. These fixes were besides confirmed by F-Secure during a re-test which took spot successful February of this year.
More audits to come
In summation to letting companies cognize astir imaginable information flaws successful their bundle and services, VPN audits besides marque it easier for consumers erstwhile it comes to picking retired the close VPN for their needs.
In the past, ExpressVPN has had audits conducted connected its proprietary VPN protocol Lightway, its browser extensions, its physique verification process and its in-house exertion Trusted Server by some PwC Switzerland and Cure53.
Head of cybersecurity astatine ExpressVPN, Aaron Engel provided further penetration successful a blog post connected the caller autarkic information audit from F-Secure arsenic good arsenic the company's plans for aboriginal audits, saying:
“The study from F-Secure showcases the spot of our merchandise and validates the high-quality enactment that ExpressVPN engineers and information experts person been doing. This is the archetypal of aggregate audits to travel successful 2022, and we are committed to continuing to present autarkic reports connected each of our lawsuit apps, halfway technology, privateness policy, and more.”