nordvpn app security audit
Image source: nordvpn.com

Looks like for NordVPN, being labeled “the most secure VPN on the market” is no longer enough.

NordVPN is famous for its incredibly proactive approach to privacy. After their no-logs policy audit performed by PwC late last year, the company returns with another banger – a full-fledged independent application security audit aimed at ensuring that NordVPN software matches the absolute highest security standards.

VerSprite audit confirms NordVPN application security

The in-depth app security audit was conducted by VerSprite, an operational risk management and security consultancy whose specializations include vulnerabilities, risks, and threats in software applications.

VerSprite performed a penetration test on the NordVPN apps for Windows, Mac, Android, and iOS by simulating “real-world attack scenarios and threats by a malicious actor,” which involved attempts to gain access to confidential user data, looking for vulnerabilities that could result in IP leaks, as well as trying to maliciously escalate security privileges.

According to Laura Tyrell, Head of Public Relations at NordVPN, “VerSprite’s goal was to see if we measure up to our claims, and the penetration test helped us to make our apps even better.”

Particularly promising results

During the NordVPN app security audit, 7 low-level, 6 medium-level, and 4 high-level vulnerabilities were found and fixed. At the same time, NO critical-level vulnerabilities were detected by VerSprite.

According to NordVPN, the low-to-medium-level vulnerabilities provide “minimal access to the app and user data,” while 4 high-level vulnerabilities found required the user’s device to “already be severely compromised to actually work.”

Clearly, NordVPN was very pleased with the outcome of the audit. They write:

“After the initial Application Penetration Test, our developer team followed the auditor’s recommendations and implemented a few changes.”

With technical recommendations from an AppSec firm as high caliber as VerSprite, these changes should help make NordVPN’s apps even more secure than before. This is incredibly welcome news, especially in the VPN industry, where security and trust are the main selling points for the vast majority of service providers.

What’s even more encouraging, is the fact that the company doesn’t intend to stop there and promises to make independent audits a regular occurrence for NordVPN, as well as their upcoming security solutions, including the NordPass password manager and the NordLocker file encryption tool.