Mullvad VPN is a popular privacy-focused VPN service. The service uses a disk-less infrastructure and has recently started to run encrypted DNS servers in RAM as well. You can also buy Mullvad codes on Amazon or through other ways that keep you anonymous.
In late 2024, Mullvad asked Germany-based X41 D-Sec to conduct an audit of the service, making it the fourth external security audit since 2018.
Company engineers were tasked with auditing the source code of Mullvad’s VPN apps on all platforms and performing penetration testing. This happened between October and November 2024.
Vulnerabilities were found
X41 D-Sec found a total of six vulnerabilities.
- Three vulnerabilities rated high.
- Two medium-rated vulnerabilities.
- One low-rated vulnerability.
Additionally, the researchers found three issues with security impact.
Mullvad addressed the issues that were within scope. Some of the discovered issues are not fixable by Mullvad, as they are found in certain behaviors of operating systems or protocols.
The three security issues rated high are all fixed. They were:
- A possible heap corruption issue on Android, Linux, and macOS.
- An issue with the fault signal handler in mullvad-daemon affecting Android, Linux, and macOS.
- Use of taskkill.exe on Windows in the installer without use of absolute paths.
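The third finding comes down to an installer launching a program by bare name, which leaves it to Windows to decide which file that name resolves to. The following is an added example, not code from the article or from Mullvad: a small check that flags installer-script lines starting a process without an absolute path. The NSIS-style syntax and every sample line are assumptions constructed for illustration; the article does not say which installer framework is used.

```python
import ntpath
import re

# Constructed sample lines in NSIS-style syntax (an assumption: the article
# does not say which installer framework Mullvad uses).
SAMPLE_SCRIPT = r'''
nsExec::Exec 'taskkill.exe /f /im example-gui.exe'
nsExec::Exec '"$SYSDIR\taskkill.exe" /f /im example-gui.exe'
ExecWait '"C:\Windows\System32\sc.exe" stop ExampleService'
ExecWait 'sc stop ExampleService'
; ExecWait 'taskkill.exe /f /im ignored-comment.exe'
'''

# Commands that start a process; the quoted argument is the command line.
EXEC_RE = re.compile(r"""^\s*(?:nsExec::\w+|ExecWait|Exec)\s+(['"])(.*)\1\s*$""")

def first_token(cmdline):
    """Return the executable part of a command line, honouring double quotes."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end != -1 else cmdline[1:]
    return cmdline.split(None, 1)[0] if cmdline else ""

def is_anchored(exe):
    """True when the executable is an absolute path or starts with a directory variable."""
    return ntpath.isabs(exe) or exe.startswith("$")

def find_unanchored_invocations(script):
    """Return (line_number, executable) for launches left to the search path."""
    findings = []
    for num, line in enumerate(script.splitlines(), start=1):
        if line.lstrip().startswith((";", "#")):  # skip script comments
            continue
        match = EXEC_RE.match(line)
        if not match:
            continue
        exe = first_token(match.group(2))
        if exe and not is_anchored(exe):
            findings.append((num, exe))
    return findings

if __name__ == "__main__":
    for num, exe in find_unanchored_invocations(SAMPLE_SCRIPT):
        print(f"line {num}: '{exe}' is launched by bare name; use an absolute path")
```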
Not all issues can be fixed by Mullvad
One issue, rated medium, for example, which may leak the virtual IP address of tunnel devices to network-adjacent participants, affects Linux and Android only. On Linux, Mullvad solved the issue by changing a kernel parameter.
On Android, Mullvad’s app has no control over that parameter. The company did report the issue to Google, hoping that Google will change the default behavior on Android to address this.
It should be noted that the issue affects other apps on Android as well. Mullvad says that it does not consider the leak high severity. It may, however, leak the tunnel IP to observers. IPs get changed monthly, but signing out of the app and back in again gives the client a new tunnel IP address as well.
Closing Words
Security audits find potential vulnerabilities, which companies may then fix proactively. They may also help instill confidence in existing or future users of the service, especially if conducted regularly.
Now it’s your turn. Do you use a VPN solution? If so, which and why? Feel free to leave a comment down below.
Abstract
Article Title
Mullvad VPN audit: low variety of vulnerabilities discovered and glued, plenty of reward
Description
A 2024 audit of Mullvad VPN found a low variety of potential safety points. Right here is how Mullvad reacted.
Creator
Martin Brinkmann
Writer
Ghacks Know-how Information