Cure53 VNC Connect whitebox penetration test

Cure53 security audit reaffirms RealVNC’s strong security stance

RealVNC has recently engaged with Berlin-based security consultancy Cure53 to perform a complete security audit of its flagship VNC Connect remote access service. The audit included VNC Server and VNC Viewer on all supported platforms (Windows, Mac, Linux, Android, and iOS), the VNC Connect management portal, and backend services.

The extensive security audit, performed in early 2022, involved giving Cure53 access to all source code, protocol documentation, and development teams. More details are in the press release, here.

Independent security audits, also known as white-box penetration tests, provide a comprehensive assessment of both the internal and external system landscape, looking for issues that may compromise security. They involve access to the source code for a full code audit, access to documentation such as API and internal docs, and a communication line to the developers/stakeholders for questions and feedback.

Aside from being a much more in-depth and thorough review than a traditional penetration test, white-box testing also allows you to prepare for scenarios such as insider threats or when an attacker has obtained detailed internal information.

Who are Cure53?

A German security firm with a strong and respected presence in the industry, Cure53 is known for reviewing similar technologies to ours. Their motto is “fine penetration tests for fine websites,” and some of the names they’ve worked with include Mozilla VPN, Opera VPN, and 1Password. You can take a look at some of their previous work here and the RealVNC summary report here.

Why?

We believe that security is a critical aspect of modern technology services. Customers should be asking for this level of transparency from any prospective supplier, particularly given that remote access software is powerful and any vulnerability can be disastrous.

“At RealVNC, we operate from the standpoint that no company should ever take a vendor’s word for it when they claim their software is secure, which is why we chose to complete a white-box audit with a highly regarded security consultancy to prove it,” said our Chief Information Officer, Andrew Woodhouse.

What?

Cure53 has provided us with a detailed security audit report. During the engagement, any issues found were triaged by RealVNC, and any deemed to need immediate attention were taken into our development lifecycle and addressed with patches accordingly.

There were 38 issues across the entire codebase, a remarkably low number according to Cure53, and none was assessed as critical. Of these, 32 were fixed and confirmed by Cure53, and 6 were either flagged as false alerts or works-as-intended.

What’s next?

RealVNC will continue to work on providing our customers with the most secure remote access solution on the market.

You can find out more about all of this, as well as everything security-related at RealVNC, at our booth at Infosecurity Europe 2022.

The event will take place from June 21st to 23rd, and we will be exhibiting at stand F80. Andrew Woodhouse and our Head of Cyber Security, Ben May, will both be there to answer your questions. 

You can read the Cure53 summary report here.
