iOS VPNs have Leaked Traffic for More than 2 Years, researcher claims

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Content source
https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/
A security researcher says that Apple's iOS devices don't fully route all network traffic through VPNs, a potential security issue the device maker has known about for years. Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly—if contentiously—in a continually updated blog post. "VPNs on iOS are broken," he says.

Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz's findings with advanced router logging, can still send data outside the VPN tunnel while it's active. In other words, you'd expect a VPN to kill existing connections before establishing a connection so they can be re-established inside the tunnel. But iOS VPNs can't seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020. "Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."
Click to expand...
arstechnica.com

iOS VPNs have leaked traffic for years, researcher claims [Updated]

VPNs on Apple mobile devices reportedly keep connections open and expose data.
arstechnica.com arstechnica.com
 
  • Like
  • Wow
  • Thanks
Reactions: dinosaur07, simmerskool, Nevi and 7 others
A

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,716
This is not news. I remember reading (I think it was a year ago) an article about how old/-already established connections are kept even when you connect to VPN

Connect to a VPN server, turn on airplane mode, then turn it off. "Your other connections should also reconnect inside the VPN tunnel, though we cannot guarantee this
Click to expand...
Yeah. That was pretty much the solution talked about back then.

Edit: Probably this article

www.bleepingcomputer.com

Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic

A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Last edited:
  • Like
  • Applause
Reactions: simmerskool, Nevi, Sorrento and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Wow
    • Like
Security News Android bug can leak DNS traffic with VPN kill switch enabled
Replies
0
Views
1,490
Security News
Gandalf_The_Grey
Gandalf_The_Grey
enaph
    • Like
    • +Reputation
    • Thanks
Privacy News Mullvad VPN Warns About Traffic Leaks on Latest macOS Sequoia
Replies
0
Views
1,649
Security News
enaph
enaph
CyberTech
    • Like
    • +Reputation
    • Wow
iOS 16 VPN Tunnels Leak Data, Even When Lockdown Mode Is Enabled
Replies
0
Views
772
News Archive
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top