Independent auditors have put the security infrastructure of all NordVPN's applications under the microscope and found no critical issues, yet again.
Leading auditing firm Cure53 carried out a series of tests across all NordVPN desktop applications, mobile apps, browser extensions, and some key features. Experts uncovered a total of 31 findings, which the Nord team mostly fixed at the time of writing.
The security audit results come only a few weeks after TechRadar's best VPN provider also proved its no-log claims with a third-party check, showing the provider's continuous commitment to transparency, privacy and security.
NordVPN security audit
Experts at Cure53 conducted a mix of penetration and source code reviews between June and August 2024, for a total of fifty-five days.
As mentioned earlier, NordVPN apps (Windows, macOS, Linux, iOS, and Android VPN) and browser extensions (Chrome, Edge, and Firefox) weren't the only tech to be inspected. Auditors also took apart NordVPN Threat Protection, Threat Protection Pro, and Meshnet.
Cure53 found a total of 31 findings, with 22 being classified as security vulnerabilities (with some ranked as High) and nine as general weaknesses with lower exploitation potential.
"This security assessment revealed a high number of issues. However, given the broad scope included in Cure53’s examination, and the large attack surface it encompassed, a higher than average number of issues was to be expected," noted auditors in their final report, sharing recommendations to fix these issues.
At the same time, however, auditors observed "the system utilized several well-regarded libraries, including NGHTTP2, OpenSSL, and Boost," which are known for their stability and security.
On their side, NordVPN has welcomed Cure53 suggestions and already enforced a fix for most of the issues, which was also verified by Cure53.
"Security is at the core of everything we do at NordVPN. Independent assessments like this allow us to continuously refine our technology and stay ahead of emerging threats," said NordVPN CTO Marijus Briedis, ensuring the team swiftly implemented all necessary improvements to ensure the highest level of protection for users.
Despite the findings, the provider explains, the latest Cure53 assessment has confirmed that NordVPN apps are built on a strong security foundation as no critical issues were found.
The security audits come as the provider confirmed its no-log claims for the fifth time since 2018 back in February. In that instance, experts at Deloitte inspected NordVPN's server configuration and relevant IT systems to ensure data related to users' activities is never logged as stated in its privacy policy.
"Our work towards improving security is never finished, and we will keep moving forward," said Briedis. "We are proud of these results and will keep making NordVPN one of the most secure VPN services available to everyone."
You can read the full Cure53 report by heading to the user control panel on the provider website or clicking here.
