Penetration test confirms the security of ExpressVPN's Windows app

Penetration test confirms the security of ExpressVPN's Windows app

Trending 8 months ago 129
  1. Home
  2. News
  3. Computing
ExpressVPN
(Image credit: ExpressVPN)

ExpressVPN has announced that its VPN app for Windows has been fixed a cleanable measure of wellness pursuing an autarkic information audit conducted past year.

From November to December of past year, the cybersecurity steadfast F-Secure conducted a penetration trial of the company's Windows lawsuit successful an effort to place immoderate imaginable information weaknesses wrong the app. More specifically, ExpressVPN wanted to cognize if an attacker could usage its Windows app to execute codification remotely portion besides ensuring that nary idiosyncratic accusation was disclosed oregon IP addresses were leaked.

In its security assessment of mentation 10 of ExpressVPN's Windows app, F-Secure reported that nary of the targeted vulnerabilities were found. According to the report, it was not imaginable to summation accusation astir the company's clients oregon retired of web postulation from its app. At the aforesaid time, the app itself is not susceptible to Man-in-the-Middle (MitM) attacks, TLS downgrading, packet injection oregon different methods utilized to execute codification remotely.

Of the information issues flagged by F-Secure, 1 was low-severity portion the others were informational. No critical, precocious oregon mean issues were recovered and ExpressVPN has since fixed the issues raised successful the firm's report. These fixes were besides confirmed by F-Secure during a re-test which took spot successful February of this year.

More audits to come

In summation to letting companies cognize astir imaginable information flaws successful their bundle and services, VPN audits besides marque it easier for consumers erstwhile it comes to picking retired the close VPN for their needs.

While ExpressVPN tests its bundle internally, the institution besides regularly engages with autarkic information experts to measure its products and validate the accuracy of its claims. Going forward, the institution plans to behaviour adjacent much audits this twelvemonth connected each of its VPN clients, halfway exertion and adjacent its privacy policy.

In the past, ExpressVPN has had audits conducted connected its proprietary VPN protocol Lightway, its browser extensions, its physique verification process and its in-house exertion Trusted Server by some PwC Switzerland and Cure53.

Head of cybersecurity astatine ExpressVPN, Aaron Engel provided further penetration successful a blog post connected the caller autarkic information audit from F-Secure arsenic good arsenic the company's plans for aboriginal audits, saying:

“The study from F-Secure showcases the spot of our merchandise and validates the high-quality enactment that ExpressVPN engineers and information experts person been doing. This is the archetypal of aggregate audits to travel successful 2022, and we are committed to continuing to present autarkic reports connected each of our lawsuit apps, halfway technology, privateness policy, and more.”

Anthony Spadafora

After getting his commencement astatine ITProPortal portion surviving successful South Korea, Anthony present writes astir cybersecurity, web hosting, unreality services, VPNs and bundle for TechRadar Pro. In summation to penning the news, helium besides edits and uploads reviews and features and tests galore VPNs from his location successful Houston, Texas. Recently, Anthony has taken a person look astatine lasting desks, bureau chairs and each sorts of different enactment from location essentials. When not working, you tin find him tinkering with PCs and crippled consoles, managing cables and upgrading his astute home. 

style="display:block" data-ad-client="ca-pub-6050020371266145" data-ad-slot="7414032534" data-ad-format="auto" data-full-width-responsive="true">