NordVPN has published the results of its most recent independent security audit, which was conducted by “global, counterculture” security firm VerSprite.
The VPN service invited VerSprite, which had previously uncovered vulnerabilities in NordVPN, to look into its custom apps for Android, iOS, Windows, and MacOS.
The auditors, who specialize in software vulnerabilities, conducted a penetration test, which involved simulating malicious attacks on the apps, and identified internal architecture that could make the apps vulnerable to those attacks.
The team identified seven low-level, six medium-level, and four high-level vulnerabilities, which were “meticulously eliminated and then tested again.”
There were no critical-level vulnerabilities.
“We are very pleased with the results — this audit made our apps even stronger. After the initial Application Penetration Test, our developer team followed the auditor’s recommendations and implemented a few changes,” says Laura Tyrell, Head of Public Relations at NordVPN.
“We’re keeping our pledge and intend to regularly audit our service in the future to help verify our systems match the highest standard.”
While the auditor’s report is not public as of yet, NordVPN says that it will be made available to users through their website profiles at a later date.
This isn’t the first time that NordVPN has completed an independent audit of its services.
During October and November 2018 PricewaterhouseCoopers AG (PwC) carried out an audit of NordVPN’s no-logs policy, a first for the VPN industry.
The independent auditors reviewed NordVPN’s servers and code, and interviewed employees in charge of maintaining the VPN service.
While NordVPN is not permitted to quote from the audit, which is available to NordVPN users only, a blog post announcing the audit says: “The auditors’ goal was to see if our service lives up to our claims of providing a no-logs VPN service, and we believe we’ve passed the test,”
“Hopefully, other VPNs will follow suit, as that can only lead to more privacy and security for everyone!”
Mullvad, Surfshark, and TunnelBear have also undergone independent security audits.
Each one of these independent audits raise the bar for transparency standards within the VPN industry.