Mon. Jul 8th, 2024

iPhone VPN apps are ‘a scam,’ security researcher warns–and Apple knows it

In a blog post titled “VPNs on iOS are a Scam,” a well-known security researcher says that VPNs running on an iPhone or iPad leak data while Apple turns a blind eye. In the post, first published in May 2022 and regularly updated with new information, Michael Horowitz says he was able to confirm the data leaks using multiple VPN types and software from multiple VPN providers. He recently tested on an iPhone running iOS 15.6.

A VPN (Virtual Private Network) is meant to establish a secure, encrypted connection between a device and the Internet – a private tunnel for your data and communications to pass through. However, Horowitz explains that for this to work, all sessions and connections established before the VPN was activated must be terminated. This is not done by default, meaning those connections can still send data outside of the VPN.

Horowitz further investigated whether iOS VPN providers had implemented an option called “Kill TCP sockets after connection”, which would cause these connections to be cut. As he writes, “I’ve checked a handful of iOS VPN clients on other VPN providers and found none with an option to terminate existing connections/sockets when setting up the VPN tunnel.”

The main criticism here is that VPNs are often used because a user wants to protect their data, but if data leaves their device without traveling through the VPN tunnel, the VPN isn't doing its job. It’s possible that the problem is with iOS and not with the VPN clients, Horowitz admits.

However, Apple has yet to address the issue (at least not publicly), and it has been two years since it was first raised. In March 2020, a report from ProtonVPN revealed details of what appears to be the same bug, which led to VPN data leaks in both iOS 13 and 14. At the time, John Dunn of Sophos wrote that a patch “may not show up for weeks”. Unfortunately, it has been a bit longer.

Until Apple responds, Horowitz suggests making the VPN connection with VPN client software in a router instead of an iOS device. We contacted several VPN developers for comment, but did not receive an immediate response.
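One way to check for the behaviour described above from outside the device is to compare flow records from an upstream router against the time the VPN connected. The Python sketch below is an added example, not code from the article or from Horowitz. The log format, the addresses, and the function name `classify_flows` are assumptions made for illustration. It also goes a step beyond the article by reporting connections opened outside the tunnel after the VPN came up.

```python
import ipaddress
from datetime import datetime

# Constructed sample: flow records as an upstream router might log them for one
# device. Fields: first_seen, last_seen, protocol, destination IP, destination port.
SAMPLE_FLOWS = """\
2024-01-01T10:00:05 2024-01-01T10:01:50 tcp 198.51.100.20 443
2024-01-01T10:00:40 2024-01-01T10:09:30 tcp 198.51.100.30 993
2024-01-01T10:02:00 2024-01-01T10:10:00 udp 203.0.113.10 51820
2024-01-01T10:03:10 2024-01-01T10:03:12 udp 192.168.1.1 53
2024-01-01T10:04:00 2024-01-01T10:04:20 tcp 198.51.100.40 443
"""

def classify_flows(log_text, vpn_server, tunnel_up, lan="192.168.1.0/24"):
    """Sort flows into tunnel traffic and the two kinds of traffic outside it."""
    up = datetime.fromisoformat(tunnel_up)
    lan_net = ipaddress.ip_network(lan)
    vpn_addr = ipaddress.ip_address(vpn_server)
    result = {"tunnel": [], "survived_setup": [], "new_outside": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        first, last, proto, dst, port = line.split()
        first, last = datetime.fromisoformat(first), datetime.fromisoformat(last)
        addr = ipaddress.ip_address(dst)
        if last <= up or addr in lan_net:
            continue  # finished before the tunnel came up, or local traffic
        flow = f"{proto}/{dst}:{port}"
        if addr == vpn_addr:
            result["tunnel"].append(flow)
        elif first < up:
            # Opened before the VPN connected and still carrying packets after:
            # the connection was not terminated when the tunnel was set up.
            result["survived_setup"].append(flow)
        else:
            result["new_outside"].append(flow)
    return result

if __name__ == "__main__":
    report = classify_flows(SAMPLE_FLOWS, "203.0.113.10", "2024-01-01T10:02:00")
    for kind, flows in report.items():
        print(kind, flows)
```

Any entry under `survived_setup` is a connection that predates the tunnel and kept sending data outside it, which is the case the article describes.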
