iOS VPN Apps Have Another Significant Flaw: Researcher
Back in August, a security researcher found a significant flaw in iOS VPN apps. Recently, a second researcher has demonstrated another major issue. It means that issues regarding the iOS VPN Apps have been increasing on regular basis. The first significant problem was that opening a VPN app should close all existing connections, but it didn’t. Secondly, many Apple apps send private data outside the VPN tunnel, including Health, Wallet, and many more.
Flaws In iOS VPN Apps
Firstly, I will talk about how iOS VPN Apps are supposed to work. Whenever you connect to a website or other server, your data is first sent to your ISP or mobile data carrier. After that, it is forwarded to the remote server. It clearly means that your ISP can see who you are and which sites and services you are accessing. It even puts you at risk from fake Wi-Fi hotspots. On the other hand, a VPN sends your data in encrypted form to a secure server. So, your data is protected from an ISP, carrier, or any hotspot operator. Now, let’s discuss the flaws:
Flaw 1: Failing to close existing connections
When you activate a VPN app, it should immediately close down all existing data connections, and then reopen them inside the secure “tunnel.” It is an absolutely standard feature of any VPN service. However, the researcher found that iOS doesn’t allow VPN apps to close all existing non-secure connections.
Flaw 2: Many Apple apps are excluded
The researcher also found that many stock Apple apps ignored the VPN tunnel and instead communicated directly with Apple servers.
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.
It means that all the data sent to and from these servers is at risk of snooping by ISPs or hackers operating man-in-the-middle attacks, using easy-to-create fake Wi-Fi hotspots.
The apps that leaked data include:
- Apple Store
- Clips
- Files
- Find My
- Health
- Maps
- Settings
- Wallet
It is quite clear that most or all of the data handled by these apps could include extremely private information, ranging from health conditions to payment cards. So, these two problems need to be fixed.
Also Read: Oppo Reno9 Will Boast Snapdragon 778G & 12GB RAM – (phoneworld.com.pk)
PTA Taxes Portal
Find PTA Taxes on All Phones on a Single Page using the PhoneWorld PTA Taxes Portal
Explore NowFollow us on Google News!