
ExpressVPN has ordered another audit of its service, this time of the Windows app, which was reviewed by the cybersecurity firm F-Secure. F-Secure ran a series of penetration tests to confirm the app’s privacy protections and strong security posture, attempting to identify any potential security weaknesses within the app.
Specifically, F-Secure was looking for vulnerabilities relating to information disclosure or IP address leakage, as well as the ability of an attacker to execute code remotely. The assessment was conducted from November 2021 to December 2021.
F-Secure issued an “exceedingly positive” report, with none of the targeted vulnerabilities found. “It was not possible to gain information about ExpressVPN’s clients or out of the network traffic,” the report reads. “Nor was it possible to execute code remotely through attacks such as, but not limited to, Man-in-the-Middle (MitM), TLS downgrading, packet injection.”
Some security issues were flagged, though: one was of low severity and the others were informational. The important thing is that no critical, high, or medium issues were found. The issues raised in the report have also been remedied, which F-Secure confirmed during a re-test in February 2022.
On the record
“The report from F-Secure showcases the strength of our product and validates the high-quality work that ExpressVPN engineers and security experts have been doing,” said Aaron Engel, Head of Cybersecurity at ExpressVPN. “This is the first of multiple audits to come in 2022, and we are committed to continuing to deliver independent reports on all of our client apps, core technology, privacy policy, and more.”
Why do VPNs perform third-party audits?
Like a few other major VPN players, ExpressVPN works hard to ensure that its software and systems provide an extremely high level of privacy protection to its users. To be confident of their security claims, VPNs test their software internally but also engage independent cybersecurity experts to assess their products and validate the accuracy of the claims.
With the best VPNs, and ExpressVPN is definitely in that group, these third-party audit reports are not made just for informational purposes. Rather, they also give users insight into the accuracy of security claims and help them make an informed decision when choosing a VPN.
On its end, ExpressVPN aims to invest in a greater frequency and quantity of audits, and assessing the Windows app was just the start. You can expect more audits from them this year, including of all of their client apps, core technology, and privacy policy.
ExpressVPN’s previous audits and security assessments include:
- An audit by PwC Switzerland of its privacy policy compliance and its in-house technology TrustedServer
- An assurance engagement by PwC Switzerland on the build verification process
- A security assessment of ExpressVPN’s browser extension by Cure53
- A security audit by Cure53 of its VPN protocol Lightway
These assurance engagements and security assessments complement ExpressVPN’s other trust and transparency efforts, including providing open-source leak-testing tools, publicly detailing its security practices, and launching the VPN Trust Initiative — which aims to promote public awareness about internet safety.
So, if you’re looking for a reliable VPN, you may want to try out ExpressVPN. It is a highly recommended service.