iOS VPN Apps Have Another Significant Flaw: Researcher

Laiba MohsinLast Updated: Oct 13, 2022
iOS VPN Apps

Back in August, a security researcher found a significant flaw in iOS VPN apps. Recently, a second researcher has demonstrated another major issue. It means that issues regarding the iOS VPN Apps have been increasing on regular basis. The first significant problem was that opening a VPN app should close all existing connections, but it didn’t. Secondly, many Apple apps send private data outside the VPN tunnel, including Health, Wallet, and many more.

Flaws In iOS VPN Apps

Firstly, I will talk about how iOS VPN Apps are supposed to work. Whenever you connect to a website or other server, your data is first sent to your ISP or mobile data carrier. After that, it is forwarded to the remote server. It clearly means that your ISP can see who you are and which sites and services you are accessing. It even puts you at risk from fake Wi-Fi hotspots. On the other hand, a VPN sends your data in encrypted form to a secure server. So, your data is protected from an ISP, carrier, or any hotspot operator. Now, let’s discuss the flaws:

Flaw 1: Failing to close existing connections

When you activate a VPN app, it should immediately close down all existing data connections, and then reopen them inside the secure “tunnel.” It is an absolutely standard feature of any VPN service. However, the researcher found that iOS doesn’t allow VPN apps to close all existing non-secure connections.

Flaw 2: Many Apple apps are excluded

The researcher also found that many stock Apple apps ignored the VPN tunnel and instead communicated directly with Apple servers.

We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.

It means that all the data sent to and from these servers is at risk of snooping by ISPs or hackers operating man-in-the-middle attacks, using easy-to-create fake Wi-Fi hotspots.

The apps that leaked data include:

  • Apple Store
  • Clips
  • Files
  • Find My
  • Health
  • Maps
  • Settings
  • Wallet

It is quite clear that most or all of the data handled by these apps could include extremely private information, ranging from health conditions to payment cards. So, these two problems need to be fixed.

Also Read: Oppo Reno9 Will Boast Snapdragon 778G & 12GB RAM – (phoneworld.com.pk)

 

PTA Taxes Portal

Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal

Explore NowFollow us on Google News!
Laiba MohsinLast Updated: Oct 13, 2022
Photo of Laiba Mohsin

Laiba Mohsin

Laiba is an Electrical Engineer seeking a placement to gain hands-on experience in relevant areas of telecommunications. She likes to write about tech and gadgets. She loves shopping, traveling and exploring things.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Get Alerts!

PhoneWorld Logo

Join the groups below to get the latest updates!

💼PTA Tax Updates
💬WhatsApp Channel

>