
NordVPN completes app security audit

Oct 09, 2019 · 2 min read


It takes more than just promises to be a world-leading VPN. That’s why we hired a team of world-class security researchers to scour NordVPN’s apps for any vulnerabilities they could find. The results of our security audit offer a look at the work our team puts in every day to make NordVPN as secure as possible.

A security audit is like testing the security of your bank vault by hiring world-class engineers, detectives and researchers, giving them the blueprint to your vault, and asking them to find ways to break in. We invited VerSprite, a leading security research group specializing in software vulnerabilities, to search our apps inside and out with total access to ensure they found everything possible.

After analyzing our infrastructure, their team simulated malicious attacks on the apps from every angle (a penetration test) while also identifying internal architecture that could make the apps vulnerable to those attacks. As soon as they found and documented a vulnerability, they reported it to us so our team could get to work. Every single potential vulnerability they found was meticulously eliminated and then tested again.

Despite undergoing a thorough search by a team of seasoned cybersecurity researchers, very few vulnerabilities were found and we are proud of the results. The researchers encountered an already highly secure environment that is now even harder to breach.

Here’s what they found:

The researchers examined our Android, iOS, Windows and Mac apps.

  • 7 Low-level vulnerabilities were found and fixed;
  • 6 Medium-level vulnerabilities were found and fixed;
  • 4 High-level vulnerabilities were found and fixed;
  • 0 Critical-level vulnerabilities were found.

(NOTE: The audit’s remediation report, which contains details on the vulnerabilities and confirmation that they have been fixed, will later be made available to NordVPN users through their website profiles.)

Here’s what those numbers mean:

Low- and Medium-level vulnerabilities provide minimal access to the app and user data. Their presence is not a serious issue, but we’ve patched them all up anyway.

Every high-level vulnerability found by VerSprite required the user’s device to already be severely compromised to actually work. This means the vulnerabilities were moot – a hacker with this much access to your device would have free rein over your device anyway and could simply watch anything you do while using NordVPN instead of hacking it. These high-level vulnerabilities could have provided deeper access to the user’s data, but they have all been fixed.

No critical-level vulnerabilities were found.


Daniel Markuson, verified author

Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.

