Another independent audit gives NordVPN a clean bill of health

VPN on a phone in hand

VPN providers just can’t stop getting independent audits these days and NordVPN has added to its already extensive list by undergoing an independent infrastructure and app security evaluation.

The good news for both NordVPN and their subscribers is that it has given them a clean bill of health with all vulnerabilities that were uncovered quickly dealt with.

NordVPN’s latest independent audits

The latest independent audit of NordVPN has been carried out by Cure53, a German cybersecurity company that is rapidly becoming the independent auditor of choice for many VPNs when it comes to technical matters such as these.

Cure53 has taken a detailed look at the security concepts and maturity of NordVPN’s architecture.

They conducted penetration tests and source code audits on the NordVPN servers, infrastructure, and NordVPN desktop applications for Windows, Linux, and macOS as well as the mobile applications for Android and iOS.

But that wasn’t all. In addition, Cure53 also conducted a full investigation and a thorough audit of the NordVPN websites, browser extensions, API, and Threat Protection API.

They also looked at NordVPN’s Pricing API, Nord Account, Nord Checkout, Nord UCP, VPN servers, and NordLynx server-side code.

It was, as you can probably already gather, a very thorough assessment.

The server and infrastructure tests took place during September and October 2022, while Cure53 look at the NordVPN apps and add-ons slightly earlier, in July and August 2022.

The results of these audits were overwhelmingly positive.

What the new NordVPN independent audits show

Firstly, the results of the independent audit of NordVPN’s mobile applications (the apps which the overwhelming majority of their customers use on a daily basis) were extremely positive.

The Cure53 report commented specifically on the mobile apps that they had “garnered a robust impression and are observably effective in minimizing the attack surface.”

But it was not just the mobile apps that got a clean bill of health. The rest of the NordVPN infrastructure did as well.

While a number of minor vulnerabilities were discovered, this is to be expected in such a thorough audit of this type. Both Cure53 and NordVPN were at pains to stress that all of these minor vulnerabilities were quickly dealt with as soon as they had been identified by the auditors.

The Cure53 report concludes that, “In summation, the relatively typical volume of vulnerabilities detected for a scope of this magnitude indicates that the entire client software complex has already made strong progress from a security perspective.”

NordVPN pleased with positive audit results

NordVPN itself, and its parent company Nord Security, were understandably pleased with the results.

Marijus Briedis, who serves as the CTO of NordVPN, commented that, “dedication to product development and a happy customer always pay off. We continuously improve the overall performance of our service and develop advanced VPN features, giving our users increased online security.

He went on to confirm that, “Our developers fixed all detected vulnerabilities, and they were approved by Cure53, ensuring that NordVPN implemented all mitigations correctly.”

This audit and the fast response of NordVPN to the minor issues that it identified highlighted Nord Security’s eagerness to ensure transparent operations, advanced online security, and reliable user privacy.

For any current or future NordVPN customers who want to take a look at the final Cure53 report that came out of their audit, NordVPN has made complete reports of these assessments available to all users through the user control panel on their website.

So you can log into your account and see all the details there.

This is the latest in a long line of audits that NordVPN has undertaken of its own volition to show its current and future subscribers that it is serious about its user’s privacy and security.

Back in January, NordVPN announced its third no-log policy audit which looked at all of their privacy policies and provisions to ensure they were compliant with NordVPN’s claim to be a no user logs VPN.

Deloitte, one of the industry-leading Big Four auditing firm, undertook that audit and concluded that not only are NordVPN’s customers provided with a VPN service that is fully compliant with its no-logs policy, but that this no user logs guarantee is robust and foolproof as well.

This latest independent audit shows that their infrastructure is similarly reliable and marks NordVPN out as one of the most thorough, dependable, and trustworthy VPNs on the market right now.

And these regular audits should reassure current and future users that they intend to remain that way for a long time to come yet.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.