NordVPN, one of the leading vendors in the world of VPN (virtual private network) products for the consumer market, has collaborated with an independent auditor to test their security and privacy claims. The company that undertook this task is VerSprite, US-based cybersecurity, and information security expert. VerSprite tested for any vulnerabilities that could hide under the hood of NordVPN, performing simulated malicious attacks in the context of a fully-fledged penetration testing program. The team of the researchers tested the NordVPN apps from every angle, and through their work, helped the developers to implement targeted optimizations and corrections.
As NordVPN claims, VerSprite actually found a few vulnerabilities, linked them to specific technical and architectural elements, and reported them in detail. Then, NordVPN engineers took over and eliminated the flaws by introducing targeted fixes, after which the process of the penetration testing was repeated. More specifically, VerSprite found 7 low-level, 6 medium-level, 4 high-level vulnerabilities, and none that could be categorized as “critical”. All of the findings were patched, re-tested, and confirmed to having been fixed. As far as VerSprite could make out, there are no other security flaws in NordVPN apps.
As a hacker once said, security flaws are always there and finding them is only a matter of time and looking harder. That said, NordVPN is proud of the fact that the penetration testing audit resulted in the discovery of very few vulnerabilities, proving that their product was already very robust and very hard to crack. Of course, after this latest audit, breaking into NordVPN is now immensely difficult. Naturally, people may wonder about the high-level flaws that were found in NordVPN products, and whether these were already under active exploitation or not.
As the internet company clarifies, the exploitation of the discovered high-level flaws would be especially hard for the attackers, presupposing a level of compromise, and requiring physical access on the target device. That said, these high-level flaws only opened the door to deeper access onto the victim’s data, after initial access to the system has already been established through other means. Long story short, NordVPN doesn’t believe that there are cases of active exploitation of the discovered flaws in their products, and they have no proof or indication towards that.
Do you trust NordVPN, or do you prefer a different VPN product? Let us know of your choice in the comments section beneath, or join the discussion on our socials, on Facebook and Twitter.