• Yet another critical VPN-related bug found in iOS 16

    From TechnologyDaily@1337:1/100 to All on Sat Oct 15 12:15:03 2022
    Yet another critical VPN-related bug found in iOS 16

    Date:
    Sat, 15 Oct 2022 11:05:10 +0000

    Description:
    It's the second data leak being reported in just a few months, but your
    iPhone VPN app isn't the one to blame for it.

    FULL STORY ======================================================================

    It was sometime in May when a security expert first revealed that iPhone VPN apps were leaking users' data, claiming that Apple wasn't doing anything to fix it.

    Now, only a few months later, another major issue has been found when using VPN software on iOS. In this instance, some of people's most sensitive information is in real danger.

    Another expert has recently discovered that many Apple apps, including Health and Wallet, send users' private data outside an active VPN tunnel.

    However, the best VPN services are not the ones to blame here.

    "We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used @ProtonVPN and #Wireshark. Details in the video: #CyberSecurity #Privacy pic.twitter.com/ReUmfa67ln" (October 12, 2022)

    Apple apps bypass VPN encryption

    "We confirm that iOS 16 does communicate with Apple services outside an
    active VPN tunnel. Worse, it leaks DNS requests," developer and security researcher Tommy Mysk tweeted on October 12.

    Theoretically, when you connect to a secure VPN, your data is encrypted and passed through one of its international servers before it reaches its destination. This means that neither your ISP nor any other third party should be able to access this flow of information. Similarly, the websites you visit won't be able to determine your real IP address or any other identifying details.

    Mysk ran a few tests on iOS 16 with both Proton VPN and Wireshark active. To his dismay, he and his team found out that many Apple apps actually ignore
    the VPN tunnel and exchange data directly with Apple servers.

    What's worse, the applications leaking data are actually those managing the most private and sensitive information. These are Health, Wallet, Apple
    Store, Clips, Files, Find My, Maps and Settings.

    Talking about the reasons behind this bug, Mysk seems to believe that Apple does so intentionally.

    "There are services on the iPhone that require frequent contact with Apple servers, such as Find My and Push Notifications. However, I don't see an issue of tunneling this traffic in the VPN connection. The traffic is encrypted anyways," he told 9to5Mac, adding that they didn't expect such an amount of traffic to be exposed.

    Not just iOS VPN

    As Mysk confirms during his testing, iPhone and iPad users are not the only ones risking their privacy.

    "I know what you're asking yourself and the answer is YES. Android communicates with Google services outside an active VPN connection, even with the options Always-on and Block Connections without VPN," he said.

    Just a few days ago we reported on Mullvad VPN's findings, made during its last security audit, that Android devices are quietly undermining VPN services.

    Here, Android VPNs expose users' data while performing connectivity checks when accessing some Wi-Fi networks.

    The VPN provider asked Google to add an option to opt out of these checks when the VPN is active, but the tech giant believes there's no need for this. This is why Mullvad is now pushing for at least changing the "misleading" description of its VPN-related features.



    ======================================================================
    Link to news story: https://www.techradar.com/news/yet-another-critical-vpn-related-bug-found-in-ios-16/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)