Penetration test confirms security of ExpressVPN’s Windows app


ExpressVPN has announced that its VPN app for Windows received a certificate of good health following an independent security audit conducted last year.

From November to December last year, cybersecurity firm F-Secure conducted a penetration test of the company’s Windows client in an effort to identify any security weaknesses within the application. Specifically, ExpressVPN wanted to know if an attacker could use their Windows application to execute code remotely while ensuring that no user information was leaked or IP addresses were leaked.

In his Security assessment of ExpressVPN’s Windows app version 10, F-Secure reported that none of the targeted vulnerabilities were found. According to the report, it was not possible to obtain information about the company’s customers or network traffic from its application. At the same time, the application itself is not susceptible to Man-in-the-Middle (MitM) attacks, TLS downgrading, packet injection, or other methods used to execute software. remote code.

Among the security issues reported by F-Secure, one was low-severity while the others were informative. No critical, high, or medium issues were found, and ExpressVPN has since resolved the issues raised in the company’s report. These fixes were also confirmed by F-Secure in a retest that took place in February this year.

More audits to come

In addition to informing businesses of potential security vulnerabilities in their software and services, VPN audits also make it easier for consumers to choose the right VPN for their needs.

While ExpressVPN tests its software internally, the company also regularly engages with independent security experts to evaluate its products and validate the accuracy of its claims. Going forward, the company plans to conduct even more audits this year on all of its VPN clients, core technology, and even its privacy policy.

In the past, ExpressVPN has had its proprietary Lightway VPN protocol, browser extensions, build verification process, and internal Trusted Server technology audited by PwC Switzerland and Cure53.

Head of Cybersecurity at ExpressVPN, Aaron Engel provided additional information in a blog post on F-Secure’s recent independent security audit as well as the company’s plans for future audits, saying:

“F-Secure’s report showcases the strength of our product and validates the high-quality work done by ExpressVPN’s engineers and security experts. This is the first of several audits coming in 2022, and we are committed to continuing to provide independent reporting on all of our client applications, core technology, privacy policy, and more.

Previous The 4 Best Download Manager Add-ons for Firefox
Next AMD Software Adrenalin 22.3.2 Radeon Drivers