NordVPN has announced the results of an independent audit conducted by German cybersecurity firm Cure53, an experienced expert in VPN evaluation.
NordVPN is a leading and highly-trusted VPN service provider, and audits from independent firms help reinforce its credibility by validating its technical excellence promises and assuring customers that they are not mere marketing tactics.
These security audits can often discover unknown security problems on the VPN services, helping the vendor fix them before hackers have a chance to exploit them.
The scope of this latest audit covered both NordVPN’s infrastructure and applications, so it was pretty wide and comprehensive.
NordVPN’s infrastructure compromises the servers that manage the VPN connections and facilitate the transfer of data between clients and websites and online services, but also includes authentication systems, encryption mechanisms, and supporting elements such as switches, routers, and firewalls.
Cure53 examined the above between September and October 2022 and found a medium-severity arbitrary file read vulnerability, an issue of local code execution potentially leading to privilege escalation, and a Docker container escape problem.
Between July and August 2022, Cure53 examined all NordVPN apps for desktop and mobile, as well as the vendor’s websites, browser extensions, and APIs. The findings of that penetration testing report are more extensive.
Specifically, Cure53 found a critical-severity flaw on the Linux client, allowing privilege escalation to root via notifications. The root is the administrator on Linux systems, so having the ability to execute commands as such can have catastrophic consequences.
Another important finding was a high-severity bug in the macOS client, which allowed attackers to abuse the VPN helper log to overwrite the content of root-owned files. The ramifications of this include data loss and system failure.
Thirdly, the analysts found a high-severity vulnerability in the macOS client again, concerning the lack of code signature verification during extension loading, allowing a malicious actor to load arbitrary extensions.
The remaining of Cure53’s discoveries where either low-severity issues or recommendations for strengthening the products’ security, such as adding screenshot protections on Android or implementing system restrictions for local storage on iOS.
In general though, the auditors were satisfied with the security performance of NordVPN.
“In summation, the relatively typical volume of vulnerabilities detected for a scope of this magnitude indicates that the entire client software complex has already made strong progress from a security perspective.”– Cure53
Cure53 also highlighted the performance of NordVPN’s mobile applications specifically, saying that its analysts “garnered a robust impression and are observably effective in minimizing the attack surface.”
Considering that VPNs are increasingly used while on the go, needing a safe and reliable private connection via public WiFi networks, it is very important that the mobile apps don’t give attackers many opportunities for exploitation.
If you want to dive deeper into Cure53’s findings, you can check the server and infrastructure report and the apps and add-ons report.
NordVPN has addressed all of the issues identified by Cure53, so they’re no longer relevant. To ensure optimal security, it is recommended that users keep their VPN clients up-to-date and promptly apply any available security updates.
Great article Heinrich!
Well done to NordVPN, especially for making the audit result public.
Does NordPass and Nordlocker ever get audited?
I am happy to hear that after addressing the issues found by Cure53, NordVPN is still top-notch.
Thanks for the update!