It's possible Apple's Private Relay VPN isn't so private after all
Date:
Wed, 27 Apr 2022 01:00:32 +0000
Description:
The VPN provider Mullvad has discovered a flaw in iCloud Private Relay that causes the service to leak some data back to Apple.
FULL STORY ======================================================================
A potential security flaw in iCloud Private Relay can lead Apples VPN to ignore firewall rules and send some data back to the iPhone makers servers.
This leak itself was first discovered by the VPN company Mullvad which was monitoring network connections while working on its own app.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99.
For those unfamiliar, Private Relay functions in a similar way to a VPN
tunnel or how Tor works by routing a users encrypted network through relay servers before it reaches the internet. The service is currently still in
beta and is only available in certain regions though it also requires a paid iCloud+ subscription.
TechRadar Pro reached out to Apple regarding this potential leak in iCloud Private Relay but weve yet to hear back at the time of writing. However,
since the service is still in beta, this issue could be rectified before it becomes generally available. Since iCloud Private Relays beta release coincided with the launch of iOS 15, Apple could make the service available
in full with the release of iOS 16 in September of this year. Ignoring firewall rules
According to a new blog post from Mullvad, the VPN company was monitoring network connections when it noticed that QUIC traffic was leaving one of its computers outside of a VPN tunnel.
Disabling Apples Private Relay feature made the leaks stop and the company
has even provided instructions so that other users can reproduce the leak on their own. Mullvad also pointed out in its blog post that Private Relay (mostly) disables itself as soon as any firewall rule is added to the Packet Filter (PF) system firewall on macOS devices. Read More
T-Mobile denies blocking iCloud Private Relay, but admits some users won't
have access
What is Apple Private Relay and is it worse than a VPN?
This Google Chrome challenger could be the best browser for private surfing
As such, the company believes that the leak itself is just some kind of heartbeat signal calling home to Apple. Although its impossible to know what information is transmitted to Apples servers, the leak does send a clear message to both your local network and ISP that you might be a macOS user.
At this time, Mullvad is unaware of any way to prevent Private Relay from leaking user traffic back to Apple but the company recommends that users disable the feature altogether for the time being if their threat model forbids their local network or ISP from knowing what kinds of devices theyre currently using. Work securely from anywhere with one of the best business VPNs
Via AppleInsider
======================================================================
Link to news story:
https://www.techradar.com/news/its-possible-apples-private-relay-vpn-isnt-so-p rivate-after-all/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)