VPN apps on iOS “are a scam”, says security researcher – Tecnoblog

At best deals,
no tail tied

According to a digital security researcher, security applications VPN (Virtual Private Networks) not working as they should on iOS, Apple’s mobile operating system. Apparently, there is a flaw known to the company for at least two years. In practice, since the release of iOS version 13.3.1, it is impossible to guarantee that data is actually sent through the use of VPNs.

iOS icon
iOS, Apple’s operating system for the iPhone (Image: Vitor Pádua / Tecnoblog)

According to researcher Michael Horowitz, “VPNs on iOS are a scam.” In a blog post, the security expert claimed that VPN apps on Apple’s mobile operating system are “broken”, preventing these apps from actually closing all existing unsecured connections.

To better understand the problem, let’s recap how VPNs are supposed to work. Generally, when the user connects to a website, his data is sent first to the internet provider or operator. Subsequently, the information is forwarded to the intended server.

This means that your data can be seen by your ISP, including your location and which websites and services you access online. When using a VPN, information is sent encrypted to a secure server, creating a layer of protection during data traffic. That way, your IP address and location, for example, are not exposed.

VPNs on iOS are “broken”

However, this does not occur correctly when using a VPN service on iOS. The application should close all existing insecure connections and reopen them in a direct “tunnel” to send its data to the private server. According to Horowitz, iOS systems do not allow these VPN apps to actually prevent data exposure by not closing all unsecured routes.

Mobile with open VPN app
VPN (Image: Privecstasy/Unsplash)

According to the researcher, VPNs seem to work normally on Apple’s mobile devices. However, the reality is that these apps are “broken” on iOS. The device actually introduces a new IP address and new DNS servers. In addition, the data is also sent to the private server.

However, upon closer inspection by Horowitz, he found that the data sent by the device is leaked out of the “tunnel” traditionally created when using a VPN app. This means that if the iOS user activates the service thinking it is safe and sends confidential information, the first data may leak through the connections that were not closed.

This issue had already been identified for the first time by ProtonVPN, back in March 2020. A member of the Proton community found that the flaw has been present at least since iOS version 13.3.1. The latest tests were performed on iOS 15.6, proving that the issue still exists.

Apple says fix exists since 2019

When asked about the failure by the 9to5Mac, Apple stated that it offers a way for VPN app developers to fix the problem. However, the researchers did not identify the fix mentioned in any of the VPN apps they tested.

Apple logo
Apple (Image: Vitor Padua / Tecnoblog)

Also, while Apple insists it has been offering a fix since 2019, ProtonVPN says it’s only a partial fix. This fix made available to VPN app developers was actually presented by the company during the 2019 WWDC event. However, the measure that would fix the flaw is disabled by default.

Proton told the 9to5Mac who was aware of this supposed solution and tested it when it was announced by Apple. Even so, the company found that the fix is ​​only partially effective and unsecured connections remain open after activating a VPN app.

According to Proton CEO Andy Yen, the company decided to expose the flaw after Apple told him that it would not offer a 100% effective solution to the identified problem. “We first notified Apple of this issue two years ago. Apple refused to fix the issue, which is why we released the vulnerability to protect the public,” the executive said.

With information: 9to5Mac, 1 and 2

Source link

About Admin

Check Also

Elon Musk’s Neuralink is being investigated by animal testing

The United States government is conducting an investigation into the Neuralinkone of the companies led …

Leave a Reply

Your email address will not be published. Required fields are marked *