ExpressVPN has revised its bug bounty program to invite more ethical hackers. This time, the company offers a one-time $100,000 bounty to whoever succeeds in compromising its systems.
ExpressVPN holds a high reputation and is one of the most widely used virtual private network products, enabling users to bypass geo-restrictions and enhance web browsing privacy.
Essentially, the service passes your internet traffic through an encrypted tunnel, which hides your IP address and provides a different one, making it hard for hackers to access your system.
With such encryption, hackers find it complicated to track the user’s PC as all the credentials are kept private by the VPN. In other words, the users’ privacy is the most critical selling point of the product.
Now, ExpressVPN seeks to assure its users that its services are top-notch while providing an avenue for ethical hackers to identify any loopholes in the system and help improve it further. TrustedServer’s $100,000 bug bounty program invites researchers and security auditors to report any vulnerabilities they discover in the software and infrastructure.
Conditions For the Bug Bounty
It’s worth noting that the $100,000 bug bounty is the highest single bounty offered on the Bugcrowd platform and ten times higher than ExpressVPN’s previous reward. Ethical hackers will receive this bounty if they meet the following conditions:
- They should expose vulnerabilities only in the ExpressVPN server.
- They should be the first person to submit a valid vulnerability that exposes customer data or allows unauthorized access.
- The prize will be available until it’s claimed.
- As an ethical hacker or researcher, you should restrict the research activities to the server and consult support if you’re unsure that your testing will be considered in scope.
A Tough Nut to Crack
ExpressVPN’s TrustedServer is a custom-built OS with proprietary security enhancements that make it ideal for virtual private network infrastructure.
The infrastructure follows a RAM-only approach for all its servers, employing a data-wiping system that activates on every reboot.
In addition, the system boasts a build verification system, patched every week, to prevent insider code tampering. The weekly patches provide a clean installation on every server, making it hard for hackers to follow through.
Therefore, we don’t expect ethical hackers to find bugs in the system since the program has been around for a long time and the payouts keep rising. However, you can participate in the program if you’re interested in the challenge and are confident in your research and hacking abilities.