Apple warns of a data leak through a VPN although it does not offer any solution

Using a virtual private network (VPN) on iOS devices results in a data leak that Apple has known about since at least 2020 and has not yet fixed, according to different investigations.

A VPN is a tool that redirects a device’s Internet traffic through a secure tunnel, hiding the user’s IP address while encrypting their data. Users often turn to a VPN to protect their privacy against possible cyberattacks, among other advantages.

The reliability of these VPNs on iOS is in question. The researcher Michael Horowitz has published a report on his website in which he states that the use of these tools on the iPhone operating system is “broken”.

Horowitz acknowledges that at first “they seem to work well.” That is, the iOS device receives a new IP address and DNS server, and the user’s data reaches the VPN server.

However, the researcher explains that “close inspection” shows that the VPN’s secure tunnel leaks. This is because sessions and connections established on the device before the VPN was turned on are not closed, and can continue to send data outside the tunnel.

Horowitz has claimed that this is a “data leak” that he has confirmed by using “multiple types of VPNs and software from multiple VPN providers.”

The researcher has pointed out that the latest version of iOS on which he has tested the reliability of a VPN is 15.6. In addition, he has recalled that the company ProtonVPN warned about this same data leak in March 2020.

ProtonVPN identified this leak in iOS version 13.3.1 back then, according to its blog. Like Horowitz, the company noted that VPNs were unable to close previously opened sessions and reopen them within the secure tunnel.

The firm noted that most sessions and connections are “eventually re-established within the VPN tunnel, but others, such as Apple’s push notification service, could continue to send data” “for minutes or hours” outside the VPN tunnel.
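One way to check for the behaviour described above, as an added example that is not taken from Horowitz's or ProtonVPN's reports. It assumes packet records captured at the router, outside the device, where anything not addressed to the VPN server is travelling outside the tunnel; the addresses, times and the `find_leaks` helper are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: (epoch seconds, destination IP, destination port) for
# packets sent by one device, as seen at the router. Documentation-range
# addresses only; none of these values come from the article.
VPN_SERVER = "203.0.113.10"
VPN_UP_AT = 1000.0
PACKETS = [
    (800.0, "198.51.100.9", 443),     # ends before the VPN is enabled
    (900.0, "198.51.100.5", 5223),    # long-lived session opened before the VPN
    (950.0, "198.51.100.7", 443),     # short-lived session opened before the VPN
    (1001.0, "203.0.113.10", 51820),  # encapsulated tunnel traffic
    (1030.0, "198.51.100.7", 443),
    (1200.0, "198.51.100.5", 5223),
    (1500.0, "192.0.2.44", 443),      # first seen after the VPN came up
    (4700.0, "198.51.100.5", 5223),
]

@dataclass
class Leak:
    dst: str
    port: int
    kind: str          # "pre-existing" (opened before the VPN) or "new"
    leaked_for: float  # seconds after VPN-up that traffic was still seen

def find_leaks(packets, vpn_server, vpn_up_at):
    """Return flows still sending outside the tunnel after the VPN came up."""
    first_seen, last_seen = {}, {}
    for ts, dst, port in sorted(packets):
        if dst == vpn_server:
            continue  # traffic to the VPN server is the tunnel itself
        key = (dst, port)  # simplification: a flow is keyed by destination only
        first_seen.setdefault(key, ts)
        last_seen[key] = ts
    leaks = []
    for (dst, port), last in last_seen.items():
        if last <= vpn_up_at:
            continue  # flow went quiet before the tunnel was established
        kind = "pre-existing" if first_seen[(dst, port)] < vpn_up_at else "new"
        leaks.append(Leak(dst, port, kind, last - vpn_up_at))
    # Longest-lived leak first: these are the "minutes or hours" cases.
    return sorted(leaks, key=lambda leak: -leak.leaked_for)

if __name__ == "__main__":
    for leak in find_leaks(PACKETS, VPN_SERVER, VPN_UP_AT):
        print(f"{leak.dst}:{leak.port} {leak.kind} leaked for {leak.leaked_for:.0f}s")
```

The `pre-existing` entries correspond to the sessions the article describes; a `new` entry would indicate a different problem, since that connection was opened after the tunnel was already up.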

Apple does not offer solutions to the end user

ProtonVPN raised its concerns with Apple before publishing its findings, without getting any solution in return. For his part, Horowitz informed the company at the end of last May without obtaining a response.

The researcher later tried to contact Apple again, which acknowledged on August 19 that it was aware of this problem.

The Cupertino technology company reminded Horowitz that the ‘Always on VPN’ function of Mobile Device Management (MDM) allows a company’s IT staff to force all data from iOS devices to remain within the corporate network. However, MDM is not available to the end user.

In its response, Apple also mentions the API option introduced in iOS 14. Its use is reserved for developers, so the end user is excluded in this case as well.
