Is VPN insecure? A hole has been found in iOS that allows everyone to see your traffic

VPN apps on iOS do not encrypt all traffic due to a bug in the system. This was stated by the security expert Michael Horowitz.

Once the VPN is enabled, the device should obtain a new IP address and close all existing internet connections and then restore them. The problem is that iOS does not allow VPN services to close all connections.

For example, the Apple Push connection, through which all notifications on iOS are delivered, is left insecure. As a result, the provider and attackers can find out the IP address of the device and calculate its location.

Most insecure connections with a running VPN are short-lived and are restored through the VPN tunnel after a few minutes. But in the case of Apple push notifications, the situation is exacerbated, as these connections can remain open for several hours.

Testing conducted using the ProtonVPN app in mid 2022 on an iPad running iPadOS 15.4.1. Horowitz also ran OpenVPN with the WireGuard protocol on iPadOS 15.5. His tablet will continue to send insecure requests to Apple and Amazon servers.

The data leaves the iOS device outside the VPN tunnel. This is not a classic/legacy DNS leak, it’s a data leak. I have verified this using several VPN types and software from several VPN providers. The latest version of iOS I tested is 15.6.

Michael Horowitz, security expert

This issue was first reported by ProtonVPN developers in March 2020. They found out that the VPN worked in iOS 13.3.1 and iOS 13.4 in a similar way.

By October 2020, Apple had not fixed the issue. However, developers have the opportunity to use the Kill Switch feature in iOS 14, which manually terminates all insecure connections. According to Horowitz, this feature did not work in ProtonVPN.

Horowitz reported the problem to Apple at the end of May. At first the company got in touch, but then stopped responding to messages. Windscribe co-founder Egor Sak stated that he is aware of the issue, and Windscribe has contacted Apple several times about resolving it. [ArsTechnica]


Source: iPhones.ru — Новости высоких технологий, обзоры смартфонов, презентации Apple by www.iphones.ru.

*The article has been translated based on the content of iPhones.ru — Новости высоких технологий, обзоры смартфонов, презентации Apple by www.iphones.ru. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!