Alert of a data leak when using a VPN on iOS devices that still has no solution

22 Aug. (Portaltic/EP) –

Using a virtual private network (vpnfor its acronym in English) on devices iOS has led to a data leak Manzana known, at least, since 2020 and has not yet been solved, according to different investigations.

A VPN is a tool that redirects the Internet traffic of a device through a secure tunnel in which it hides its address IP while encrypting your data. Users often resort to this alternative to protect your privacy against possible cyber attacks, among other advantages.

The reliability of these VPNs on iOS is in question. The investigator Michael Horowitz has published a report on your website in which he has assured that the use of these tools in the iPhone operating system is “broken“.

Horowitz acknowledges that at first “they seem to work well.” This implies that the iOS device receives a new IP address and DNS server. Next, the user’s data reaches the VPN server.

However, this researcher explains that “a detailed inspection” shows leaks in the VPN’s secure tunnel. This is because the sessions and connections established on the device before activating the VPN are not closed, and they can continue to relay their data.

Horowitz has claimed that this is a “data leak” that he has confirmed by using “multiple types of VPNs and software from multiple VPN providers.”

The researcher has pointed out that the latest version of iOS in which he has tested the reliability of a VPN it’s on 15.6. In addition, he recalled that the signature ProtonVPN alerted about this same data leak in March 2020.

ProtonVPN back then identified this leak in iOS version 13.3.1, according to your blog. Like Horowitz, the company pointed out that VPNs were unable to close previously opened sessions and reopen them within their secure tunnel.

The firm noted that most sessions and connections “were re-established eventually within the VPN tunnel, but others, such as Apple’s push notification service, could continue to send data “for minutes or hours” outside the VPN tunnel.

APPLE DOES NOT PROVIDE END-USER SOLUTIONS

ProtonVPN raised its concerns with Apple before disclosing its findings publicly without any resolution in return. For his part, Horowitz informed the company at the end of last May without obtaining a response.

The investigator later tried to contact Apple again, which he acknowledged on August 19 be aware of this problem.

The technology company from Cupertino reminded Horowitz that the ‘Always on VPN’ function of Mobile Device Management (MDM) allows a company’s IT staff to force all data on iOS devices to stay within the corporate network. However, MDM is not available to the end user.

In its response, Apple also mentions the API option introduced in iOS 14. In this case, its use is reserved for developers and the end user is also exempt.