Why you shouldn't use a VPN with your iPhone

Security researchers have discovered that iOS 16 still suffers from an issue that partially disables VPNs on iPhones. In fact, Apple’s mobile operating system does not reset connections when a VPN is activated, allowing information to escape the secure tunnel.

Despite Apple’s efforts, VPNs are still not completely secure on iPhones. In July 2022, Apple announced Isolation Mode, a new safe mode for its smartphone, intended to protect users who are particularly exposed to spyware.
This feature enhances the security of Apple smartphones by disabling certain features, which reduces the potential attack surface. The problems VPNs have had on iOS for some time have nevertheless persisted, although Apple never indicated that Isolation Mode changed the way iOS behaves with VPNs.

No connection reset

Security researchers Tommy Mysk and Talal Haj Bakry observed, and explained to our colleagues at MacRumors, that the way iOS handles VPNs does not change whether Isolation Mode is enabled or not. It had already been shown last August that Apple’s mobile operating systems (iOS and iPadOS) do not pass all traffic through the secure tunnel when connected to a VPN published by a third-party developer.

Normally, when a VPN is enabled, the operating system cuts off all existing Internet connections and reestablishes them through the VPN. However, iOS does not reset these connections. They can therefore continue to send data without going through the VPN, leaving that data outside the encrypted tunnel and accessible to potential surveillance or an attacker.

Worse yet, the two security researchers discovered that Isolation Mode sends even more data outside the VPN tunnel than normal mode: notification traffic leaves the encrypted channel. The researchers rightly call this behavior “strange.”
They also claim that iOS 16 communicates with Apple services outside of an active VPN, and thus sends DNS queries outside the tunnel without the user’s knowledge. Affected services include the Health app and Maps.
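
A traffic capture taken in front of the phone makes both behaviors visible. The following is an added example, not code from the researchers or from MacRumors: it classifies flows seen on the physical interface after the VPN came up. The packet list, the VPN endpoint, the activation time and the interface names (`en0`, `pdp_ip0`, `utun3`) are constructed assumptions.

```python
from collections import namedtuple

# Constructed flow records: time (s), interface, destination, port, protocol.
Packet = namedtuple("Packet", "t iface dst dport proto")

VPN_UP = 100.0                 # assumed moment the tunnel came up
VPN_SERVER = "198.51.100.7"    # constructed VPN endpoint (documentation range)
PHYSICAL = {"en0", "pdp_ip0"}  # assumed Wi-Fi / cellular interface names

SAMPLE = [
    Packet(10.0, "en0", "203.0.113.20", 5223, "tcp"),    # opened before VPN
    Packet(40.0, "en0", "203.0.113.30", 443, "tcp"),     # opened before VPN
    Packet(101.0, "en0", VPN_SERVER, 51820, "udp"),      # tunnel carrier itself
    Packet(105.0, "utun3", "203.0.113.30", 443, "tcp"),  # correctly tunnelled
    Packet(130.0, "en0", "203.0.113.20", 5223, "tcp"),   # old flow still alive
    Packet(140.0, "en0", "192.0.2.53", 53, "udp"),       # new DNS outside tunnel
    Packet(150.0, "utun3", "192.0.2.80", 443, "tcp"),    # correctly tunnelled
]

def find_leaks(packets, vpn_up, vpn_server, physical=PHYSICAL):
    """Return {flow: kind} for flows seen off-tunnel after the VPN came up."""
    first_seen = {}
    leaks = {}
    for p in sorted(packets, key=lambda p: p.t):
        flow = (p.iface, p.dst, p.dport, p.proto)
        first_seen.setdefault(flow, p.t)
        if p.t < vpn_up or p.iface not in physical:
            continue  # before activation, or inside the tunnel interface
        if p.dst == vpn_server:
            continue  # encrypted tunnel traffic is expected here
        if first_seen[flow] < vpn_up:
            kind = "pre-existing connection not reset"
        elif p.dport == 53:
            kind = "DNS query outside tunnel"
        else:
            kind = "new connection outside tunnel"
        leaks[flow] = kind
    return leaks

if __name__ == "__main__":
    for flow, kind in find_leaks(SAMPLE, VPN_UP, VPN_SERVER).items():
        print(kind, flow)
```
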

A long-standing problem

However, this highly problematic flaw is not new at all, and Apple has known about it for some time. Proton, a company that specializes in protecting your online communications, be it browsing or email, has documented this issue since iOS 13.3.1, an update that was released on January 28, 2020.

At the time, Apple indicated that it would correct the situation by implementing, in a future update, a Kill Switch that would allow VPN developers to block all pre-existing connections. But this feature does not seem very effective, as the researchers made their observations with it turned on under iOS 16.1.

Given this state of affairs, we can only encourage users who use VPNs for serious business to avoid using an iPhone in these conditions. Your telecom carrier, surveillance agencies, or malicious hacker organizations can bypass this apparent security.

At the moment, Apple has not communicated information about the integration of the patch in a future iOS update.

Source: MacRumors
