Penetration test confirms the security of ExpressVPN’s Windows app
F-Secure found no major security issues in the VPN provider’s Windows client
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
ExpressVPNhas announced that itsVPNapp for Windows has been given a clean bill of health following an independent security audit conducted last year.
From November to December of last year, the cybersecurity firmF-Secureconducted a penetration test of the company’s Windows client in an attempt to identify any potential security weaknesses within the app. More specifically, ExpressVPN wanted to know if an attacker could use its Windows app to execute code remotely while also ensuring that no user information was disclosed or IP addresses were leaked.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time. Thank you for taking part.
Click here to start the survey in a new window«
In itssecurity assessmentof version 10 of ExpressVPN’s Windows app, F-Secure reported that none of the targeted vulnerabilities were found. According to the report, it was not possible to gain information about the company’s clients or out of network traffic from its app. At the same time, the app itself is not susceptible to Man-in-the-Middle (MitM) attacks, TLS downgrading, packet injection or other methods used to execute code remotely.
Of the security issues flagged by F-Secure, one was low-severity while the others were informational. No critical, high or medium issues were found and ExpressVPN has since fixed the issues raised in the firm’s report. These fixes were also confirmed by F-Secure during a re-test which took place in February of this year.
More audits to come
In addition to letting companies know about potential security flaws in their software and services,VPN auditsalso make it easier for consumers when it comes to picking out the right VPN for their needs.
While ExpressVPN tests its software internally, the company also regularly engages with independent security experts to assess its products and validate the accuracy of its claims. Going forward, the company plans to conduct even more audits this year on all of its VPN clients, core technology and even itsprivacy policy.
In the past, ExpressVPN has had audits conducted on its proprietaryVPN protocolLightway, itsbrowser extensions, its build verification process and its in-house technology Trusted Server by both PwC Switzerland and Cure53.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ExpressVPN open-sources Lightway protocol and unveils security audit results
ExpressVPN just majorly upped its bug bounty reward
VPN audits: what do they mean and why are they important?
Head of cybersecurity at ExpressVPN, Aaron Engel provided further insight in ablog poston the recent independent security audit from F-Secure as well as the company’s plans for future audits, saying:
“The report from F-Secure showcases the strength of our product and validates the high-quality work that ExpressVPN engineers and security experts have been doing. This is the first of multiple audits to come in 2022, and we are committed to continuing to deliver independent reports on all of our client apps, core technology, privacy policy, and more.”
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Is it still worth using Proton VPN Free?
Mozambique VPN usage soars as internet restrictions continue
Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set
