Skip to main content

7ASecurity’s Recent Security Audit of Psiphon’s Code Finds “No Significant Security Flaws”

As part of our ongoing commitment to achieving the highest standards of transparency and security, Psiphon commissioned 7ASecurity to conduct a security review of its code base related to four new Psiphon enhancements. The resulting report is public and can be found at: https://7asecurity.com/reports/pentest-report_psiphon-e.pdf

Using a “white box” approach, meaning the complete source code was available, the security team set out to determine Psiphon’s adherence to secure coding best practices, and to provide safeguard recommendations, where appropriate, based on their findings. The security team used a variety of tools and methods against all Psiphon source code and third party libraries. Network traffic was also analyzed to identify potential attack vectors, fingerprinting and Psiphon’s behaviour under attack. 

The team’s conclusions were that: 

The Psiphon platform was found to be resilient to a broad range of attack vectors and provided an overall solid impression. 

This reflects well on the team behind the solution. 7ASecurity detected only 1 security vulnerability of low severity. Hence, no significant security flaws could be identified during this assignment. The remaining 4 findings were classified as miscellaneous weaknesses and thus, not considered as vulnerabilities.

Psiphon’s code base is open source, and can be accessed on GitHub. Previous security audits of Psiphon’s code can be found via our website and on the Psiphon blog

We thank the 7ASecurity team’s efforts and are pleased that Psiphon’s software engineers and source code continue to be so well regarded.

Popular posts from this blog

Social Media and Internet Ban in Turkey

Following the detainment of 12 pro-Kurdish lawmakers from the Peoples’ Democratic Party (HDP) in the early hours of November 4 th , Facebook, Twitter, Instagram, YouTube, WhatsApp and Skype were blocked in Turkey . There were reports that Turk Telekom internet provider completely disabled access to the internet or throttled the connection to the point that it was impossible to connect. Despite lack of official decision about the restrictions, and BTK’s explanation that there was a technical problem throughout Turkey, Prime Minister Binali Yildirim made a statement later in the day and said “For security reasons, these kinds of measures can be taken time to time. These are temporary measures. Everything goes back to normal after the danger is eliminated.” Social media and internet bans ended the following evening in most of the country, but there were still some short-term connection problems during the weekend in some regions, and it was reported that some Turk Telekom users

Amid major network disruptions, 1.76M Psiphon users in Belarus

The Psiphon network supported a peak 1.76 million daily active users during significant network interference that started August 9th, a figure that represents nearly 1 in every 3 internet users. A large-scale disruption to international internet access was observed in Belarus, beginning during the contested presidential election on August 9th. Widespread filtering was reported across all Belarusian networks, affecting popular messaging apps including Telegram, Viber, and WhatsApp; social media platforms Facebook, Twitter, Instagram, and Youtube; major app markets including Google Play and the App Store; email providers Gmail, Mail.ru, and Yandex; maps, banking, online media, and many other services. Rolling blackouts of the mobile networks also occurred nightly between 6PM and 6AM. The majority of VPNs were reportedly blocked as a result of generalized SSL/TLS filtering. Tor direct connections were disrupted by the increased network change, while Tor bridge users reached a peak 8,0

Join us in Persian

Psiphon is pleased to announce the launch of its Persian language social media! We are proud to provide reliable and efficient connectivity in Iran, and have expanded our capacity to help improve user experience. These channels will open new avenues of communication and streamline the feedback process for Persian users around the world. We invite you to connect with us to receive updates about Psiphon, or to get in touch with our Persian language team! Find us on Twitter , Facebook and Instagram . شبکه‌های اجتماعی سایفون به زبان فارسی هم راه‌اندازی می‌شود. ما به تلاش برای فراهم کردن ارتباط مطمئن و موثر در ایران افتخار می‌کنیم و به دنبال بهبود ظرفیت کمک و بهتر‌کردن تجربه‌ کاربران در ایران هستیم. شبکه‌های اجتماعی .فارسی زبان سایفون مسیر‌های ارتباطی جدیدی را برای دریافت نظرات کاربران ایرانی باز می‌کند .برای ارتباط با ما  حساب فارسی سایفون در توییتر ،  صفحه فیس‌بوک  و  اینستاگرام  سایفون را دنبال کنید