Conditions for internet users in many parts of the world are restrictive. Censorship and state-led surveillance are commonplace in some countries, with minimal tools available to circumvent content blocks and access the internet freely. Despite the constraints placed on these nations’ internet users, developers, technologists, and activists have created tools that allow people to access the open and unfiltered internet without the risk of being monitored by their governments. This is where WEPN comes in.
What is WEPN
With WEPN, users can share their own internet connection with family and friends in heavily censored countries, allowing them to freely access the open internet. Whereas commercial Virtual Private Network (VPN) services can become popular and thus easier for a country to block, the VPN service dispensed by WEPN providers is significantly stealthier, since the service is only shared with the user and a handful of other people.
As with any internet freedom tool, safety and security are crucially important. Developers often conduct security audits of their tools, such as penetration tests, which are effectively authorized simulated attacks performed against a tool to evaluate its security. In March 2022, WEPN engaged the Open Technology Fund’s Red Team Lab for such an audit, working with OTF partner 7ASecurity to ensure that the people behind WEPN have the information they need to create a safer experience for people using their tools.
The Audit
7ASecurity audited the WEPN solution, including the mobile apps, API, backend and Raspberry Pi device. Their report (linked at the end of the post) outlines the results of a penetration test and whitebox audit conducted against the WEPN solution. The aim was to review all items in scope as thoroughly as possible to ensure WEPN users can be provided with the best possible security.
Ultimately, 7ASecurity found that the WEPN system defended itself well against a broad range of attacks. 7ASecurity identified 13 separate vulnerabilities. Of these vulnerabilities, two were considered a “critical” risk, six were “medium” risk, and five were “low” risk. Each of these vulnerabilities has been addressed by WEPN.
The Open Technology Fund, 7ASecurity, and WEPN are delighted to make the results of this audit public, made possible through OTF’s Red Team Lab. Through this Lab, open source projects can apply to be professionally audited by one of its IT Security Consultancy partners, including 7ASecurity.
The full audit report can be accessed below.