The trend for VPNs to carry out independent audits to confirm their security and privacy claims shows no signs of abating which is great news for VPN users.
The latest audit has been run to test the security of the various apps offered by NordVPN. Regular readers with long memories might recall that the people behind NordVPN promised a security audit last year amid unfounded data mining allegations levelled against them.
They have also used one of the big four accountancy firms, PricewaterhouseCoopers AG to test their no user logs guarantee with favourable results.
How the NordVPN app security audit worked
Their application security audit has been carried out by a company called VerSprite which describes itself as a leading operational risk management and security consulting firm.
Their particular specialism is finding vulnerabilities, risks, and threats in application software which makes them the ideal people for this task.
“Our customers invested their trust in us, and we have a responsibility to live up to their expectations by providing quality service,” explained NordVPN’s head of public relations, Laura Tyrell.
“VerSprite’s goal was to see if we measure up to our claims, and the penetration test helped us to make our apps even better.”
VerSprite’s methodology revolves around simulating real-world attack scenarios and threats by a malicious actor. They attempt to access confidential user data and identify vulnerabilities.
The NordVPN test was broken down into three phases.
The first phase involved stress-testing their API endpoint and Clients Panel, the second tested their iOS and Android apps, and the third scrutinised their desktop apps for Windows and macOS devices.
As and when a vulnerability was discovered, it was reported to the NordVPN team who quickly fixed it and then retested to ensure that the issue had been resolved.
What the NordVPN app security audit unearthed
To their credit, NordVPN has been very open about the findings of the audit, which not all VPNs are.
In this blog post, they confirm that VerSprite identified four high-level vulnerabilities, six medium level vulnerabilities, and seven low-level vulnerabilities. According to NordVPN, all of these have now been resolved and the fixes rolled out to users in updates.
As Laura Tyrell commented, “We are very pleased with the results — this audit made our apps even stronger.”
She also pledged to make independent audits like this one a regular feature for NordVPN users moving forward.
“We’re keeping our pledge and intend to regularly audit our service in the future to help verify our systems match the highest standard,” she said.
Good news for NordVPN customers
While NordVPN customers might be a little worried about the number of vulnerabilities identified in this audit, it is actually good news.
The auditors confirmed that NordVPN’s security was in good shape and by identifying and patching these issues, NordVPN is now even more secure.
All applications contain some vulnerabilities. What users want to know is that the companies operating these apps are proactively looking for and fixing these issues and not leaving them out there for hackers and other malicious activists to unearth.
NordVPN’s commitment to running audits like this on a regular basis shows that they are serious about their security and for their customers that can only be good news.
It is another step for NordVPN on the road towards their aim of becoming a complete cybersecurity resource.
Already this year, they have launched their own password manager tool, NordPass and their own file encryption service NordLocker. They have also announced the development of NordLynx which uses the exciting new WireGuard VPN protocol.
Competition within the VPN market is fierce and NordVPN knows it has to work hard to keep its sizable market share.
They currently boast more than 12 million users worldwide. But if they want to keep those users and add to them, they need to keep innovating and ensuring their service lives up to their claims.
This latest app security is just more indication that NordVPN is on the right track.