RealVNC First Ever remote access solution to perform a white-box audit to validate security

RealVNC First Ever remote access solution to perform a white-box audit to validate security-01

 RealVNC’s VNC Connect, the remote access service used by hundreds of millions of people around the world, has been audited by Cure53, a Berlin, Germany-based IT security consultancy that has also audited other industry-leading software like Mozilla VPN, 1Password, and Bitwarden. The full audit, which took 86 person-days and covered VNC Server and VNC Viewer on Linux, Windows, and Mac, VNC Viewer for iOS and Android, VNC Connect management portal, and backend services, yielded 38 security-relevant findings, none of which were critical; only three were found to be of high severity, and these were corrected immediately. The report concludes that RealVNC places great importance on the security posture of all its components.

« En tant que technologues chargés d’apporter l’accès à distance au marché de masse, nous sommes en train d’établir aujourd’hui de nouvelles normes et attentes en matière de sécurité face aux défis auxquels est confronté le monde informatique moderne. Les acheteurs informatiques de technologies d’accès à distance ne devraient attendre rien de moins qu’une validation indépendante et exhaustive par des tiers des revendications des fournisseurs. Ceci est particulièrement vrai pour les logiciels d’accès à distance où les enjeux sont élevés, et une erreur pourrait nuire à la réputation ou même se révéler dévastatrice. Avec le rapport de Cure53, les acheteurs peuvent être certains de ne jamais regretter le choix de RealVNC comme fournisseur d’accès à distance », a déclaré Adam Greenwood-Byrne, PDG de RealVNC.

Un audit de sécurité en boîte blanche est nettement plus approfondi qu’un test d’intrusion en boîte noire plus courant (que RealVNC commande également chaque année à une organisation externe), car les auditeurs ont accès à l’ensemble du code source, aux fichiers binaires et à la documentation relative aux API/au protocole. Sur les 38 vulnérabilités trouvées dans la gamme de logiciels et de services testés, 32 ont été correctement corrigées – avec les correctifs confirmés par Cure53 – tandis que les six autres ont été signalées comme de fausses alertes ou fonctionnant comme prévu et jugées comme présentant un moindre niveau de risque.

“At RealVNC, we believe that no company should ever take a vendor’s word for it when it claims its software is secure. So we chose to have a white box audit performed by a highly reputable security consultancy to prove it,” said Andrew Woodhouse, CIO at RealVNC.

The Cure53 team is highly motivated to find problems when performing white box penetration testing. The fact that no critical threats were detected reinforces RealVNC’s desire to ensure that its customers are protected from threats when using VNC Connect.

“Cure53 is pleased to confirm that the preparation and execution of the tests as well as the verification of the patches (one of the most important parts of an audit) were carried out smoothly and in a professional manner. It is clear that RealVNC seeks first and foremost to ensure the security of VNC Connect and that the company is ready and determined to maintain the high standards we have observed,” said Dr-Ing. Mario Heiderich, founder of Cure53.

Also Read: Cyber Risks Haul Organizations’ Efforts Adopting New Technologies

Based in Cambridge, RealVNC’s products for desktop, mobile and embedded platforms, allow users to easily access and operate devices remotely, while allowing remote users to work with technicians to easily troubleshoot The problems.

“We do not shy away from the issues raised in the report. We have actively resolved issues as they have arisen, and since security is an ever-changing landscape, we will continue to keep VNC Connect secure in future iterations of the service,” said Ben. May, Head of Cybersecurity at RealVNC.

To view Cure53’s audit summary, click here , and to learn more about why RealVNC chose to conduct an audit with Cure53, click here .

For more such updates follow us on Google News ITsecuritywire News