A security researcher say Apple iOS device does not fully route all network traffic through VPN as users might expect, a potential security issue that device manufacturers have known for years.
Michael Horowitz, a longtime computer security researcher and researcher, clearly presents — if the content — in a blog posts are constantly updated. “The VPN on iOS is broken,” he said.
Any third-party VPN, Horowitz writes, works from the start, giving the device a new IP address, DNS servers, and a tunnel for new traffic. But the sessions and connections established prior to activating the VPN do not terminate, and as Horowitz found with enhanced router logging, it is still possible to send data outside of the VPN tunnel while it is active. .
In other words, you can expect a VPN client to kill existing connections before establishing a secure connection so they can be re-established inside the tunnel. But iOS VPNs don’t seem to be able to do this, says Horowitz, a finding backed up by a similar report from May 2020.
“Data leaves the iOS device outside of the VPN tunnel,” Horowitz writes. “This is not a classic/legacy DNS leak, but a data leak. I have confirmed this using a variety of VPNs and software from a variety of VPN providers. The latest iOS version that I tested is 15.6.”
Security company Protons previously reported a iOS VPN Bypass Vulnerability started at least in iOS 13.3. Like Horowitz’s post, ProtonVPN’s blog notes that VPNs usually close all existing connections and reopen them inside the VPN tunnel, but that didn’t happen on iOS. Most existing connections will eventually end up inside the tunnel, but some, like Apple’s push notification service, can last for hours.
The main problem with no-tunnel connections that persist is that they can be unencrypted and the user’s IP address and what they’re connecting to can be seen by ISPs and other parties. “The people most at risk from this vulnerability are those in countries where surveillance and civil rights violations are common,” ProtonVPN wrote at the time. That might not be an urgent concern for casual VPN users, but it’s worth noting.
ProtonVPN confirmed that VPN bypass persists in the next three updates to iOS 13. ProtonVPN indicated in its blog post that Apple will add functionality to block existing connections, but the functionality This when added did not seem to make a difference in Horowitz’s results.
Horowitz tested ProtonVPN’s app in mid-2022 on an iPad iOS 15.4.1 and found that it still allowed persistent, tunnel-free connections to Apple’s push service. The Kill Switch functionality added to ProtonVPN, which describes its function as blocking all network traffic if the VPN tunnel is lost, did not stop the leak, according to Horowitz.
Horowitz tested again on iOS 15.5 with another VPN provider and iOS app (OVPN, running WireGuard protocol). His iPad keeps sending requests to both Apple services and Amazon Web Services.
ProtonVPN suggested a “nearly effective” solution of manually closing all connections when starting the VPN: Connect to the VPN server, turn on airplane mode, then turn it off. “Your other connections will also reconnect inside the VPN tunnel, although we cannot guarantee this 100%,” ProtonVPN writes. Horowitz thinks the iOS Airplane Mode functions are so confusing that this makes this not the answer.
Ars Technica has reached out to both Apple and OpenVPN for comment and will update this paragraph with any answer.
Horowitz’s post doesn’t provide specific details on how iOS can fix the problem. He also doesn’t deal with VPNs that offer”split tunnel“rather than focusing on the promise of a VPN that collects all network traffic. For his part, Horowitz recommends. $130 . Dedicated VPN Router as a truly secure VPN solution.
VPNs, especially commercial services, continue to be a complex part of internet security and privacy. Choose a “Best VPN” has long been a challenge. VPN can be taken down by gap, server is not encrypted, greedy data brokeror by owned by Facebook.
This story originally appeared on Ars Technica.
