hacker

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems.

ExpressVPN is one of the most widely used VPN (virtual private networks) products, which offers users web browsing privacy and the ability to bypass geo-restrictions.

This privacy is achieved by passing the user's internet traffic through encryption tunnels, while the user's actual IP address is hidden behind one provided by the VPN service.

As such, compromising the security of this type of system results in failure on one of the most critical selling points of these products, users' privacy.

This is why ExpressVPN offers a bug bounty program, allowing security auditors and researchers to report vulnerabilities in the company's infrastructure and software and receive monetary bug bounty rewards.

New $100,000 bounty for critical bugs

Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer.

"This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN," the company shared in an email to BleepingComputer.

The new $100,000 one-time bounty is offered with the following conditions:

  • The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive the US$100,000 bounty. This one-time bonus is valid until the prize has been claimed.
  • The one-time US$100,000 bounty is only eligible for vulnerabilities in ExpressVPN’s VPN Server.
  • Activities should remain in scope to the TrustedServer platform. If unsure that your testing is considered in-scope, please reach out to support@bugcrowd.com to confirm first.

ExpressVPN also invites security researchers to uncover possible ways to leak the actual IP address of clients and monitor user traffic.

The bug bounty program is run through BugCrowd, which offers a safe harbor for researchers who attempt to breach ExpressVPN's servers as part of the program.

A tough nut to crack

TrustedServer is a custom-built operating system based on Debian Linux, featuring proprietary security enhancements that make it ideal for use in VPN infrastructure.

ExpressVPN follows a RAM-only approach for its servers and employs a periodic data wiping system that activates upon reboots.

The system has a build verification that prevents insider code tampering events and is patched every week with clean installations on every ExpressVPN server.

It will likely be hard to find bugs to leverage, especially after the bug bounty program has been available for the past six years, hence the hike in the payouts.

If you're confident in your hacking abilities and interested in the above challenge, you can take part in the program from here.

Related Articles:

Microsoft fixes VPN failures caused by April Windows updates

New Fog ransomware targets US education sector via breached VPNs

Check Point VPN zero-day exploited in attacks since April 30

Check Point releases emergency fix for VPN zero-day exploited in attacks

Hackers target Check Point VPNs to breach enterprise networks