Independent auditors have set the security infrastructure for all NordVPN’s applications under the microscope once again and show the provider’s continuous obligation to transparency, privacy and security.
In fact, the results of the Security Audit Auditor come only a few weeks after Techradar’s best VPN provider also proved its requirements without a log with a third-party control.
Leading Audit Company Cure53 performed a number of tests across all NordVPN -Desktop applications, mobile apps, browser extensions and some key features. Experts found a total of 31 finds – despite none of them being critical – which the North team mostly fixed at the time of writing.
NordVPN Security Audit
Experts at Cure53 conducted a mixture of penetration and source code reviews between June and August 2024 a total of twenty -five days.
As mentioned earlier, NordVPN apps (Windows, MacOS, Linux, iOS and Android VPN) and browser extensions (Chrome, Edge and Firefox) were not the only tech inspected. Auditors also separate NordVPN threat protection, threat protection project and meshnet.
Cure53 found a total of 31 finds in which 22 were classified as safety vulnerability (with some ranked so high) and nine as general weaknesses with lower utilization potential.
“This security assessment revealed a large number of problems. Given the broad extent included in Cure53’s investigation, and the large attacking surface it covered was expecting a higher number of questions,” alleged auditors in their final report and shared recommendations to resolve these questions.
At the same time, however, auditors observed “the system used several well -considered libraries, including NGHTTP2, Openssl and Boost”, which is known for their stability and security.
On their side, NordVPN has welcomed Cure53 proposals and already enforced a solution in most of the problems, which were also verified by Cure53.
“Security is at the heart of everything we do at NordVPN. Independent assessments like this, allow us to continuously refine our technology and keep us in front of new threats,” said NordVPN CTO Marijus Biedis, ensuring that the team quickly implemented all necessary improvements to ensure the highest level of protection for users.
Despite the results, the provider explains, the latest Cure53 assessment has confirmed that the NordVPN apps have been built on a strong security foundation as no critical problems were found.
The security audits are coming when the provider confirmed his non-log demands for the fifth time since 2018 back in February. In this case, experts in Deloitte NordVPN’s server configuration and relevant IT systems inspected to ensure that data related to users’ activities is never logged as stated in its privacy policy.
“Our work to improve security is never finished and we will continue to move forward,” Biedis said. “We are proud of these results and will continue to make NordVPN one of the most secure VPN services available to everyone.”
You can read the full Cure53 report by going to the user control panel on the provider’s website or clicking here.
We test and review VPN services in connection with legal recreational uses. For example: 1. Access to a service from another country (subject to the conditions of this service). 2. Protecting your online security and strengthening your online privacy when you are abroad. We do not support or condolate the illegal or malicious use of VPN services. Consuming pirated content paid for is neither approved nor approved by future release.
