iPhone VPN Security Issues Persist in iOS 16, Researchers Claim
A vulnerability in iOS 16 potentially leaks data outside an active VPN tunnel even in Apple’s Lockdown Mode.
Two years ago, Proton VPN disclosed a vulnerability in Apple’s iOS that allows a user’s VPN traffic to leak outside of the VPN tunnel, unencrypted.?
The vulnerability was initially said to affect iOS version 13.3.1. Mullvad VPN also warned of the issue in 2020. And this year, researcher Michael Horowitz said the?vulnerability exists in iOS version 15.6.1.?
Now, new research claims the vulnerability still exists in iOS 16, the brand-new version of Apple’s mobile operating system. Security researchers at Mysk have demonstrated that iOS 16 communicates with Apple services outside of an active VPN tunnel and leaks DNS requests.?
“We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel,” the researchers tweeted. “Worse, it leaks DNS requests. Apple services that escape the VPN connection include Health, Maps, Wallet.”
VPN users with?critical privacy needs?like journalists, dissidents and activists are especially at risk if their traffic leaks. ?
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.
We used @ProtonVPN and #Wireshark. Details in the video:#CyberSecurity #Privacy pic.twitter.com/ReUmfa67ln
— Mysk ???????? (@mysk_co) October 12, 2022
Normally, when a user connects to a VPN, existing internet connections should be terminated by the operating system, then re-established through the encrypted VPN tunnel. Data leaking unencrypted outside of an active VPN tunnel can pose serious privacy and security risks because a user’s true IP address and other sensitive information can be exposed to the user’s ISP, network administrators, government agencies and cybercriminals.? ? ?
Additionally, the researchers indicated that data leaks persisted even with Apple’s new Lockdown Mode enabled. In fact, they say the leaks were worse in that mode.
Update: The Lockdown Mode leaks more traffic outside the VPN tunnel than the “normal” mode. It also sends push notification traffic outside the VPN tunnel. This is weird for an extreme protection mode.
Here is a screenshot of the traffic (VPN and Kill Switch enabled) #iOS pic.twitter.com/25zIFT4EFa
— Mysk ???????? (@mysk_co) October 13, 2022
Apple did not immediately respond to CNET’s request for comment. But according to Apple’s site, Lockdown Mode is “optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats.”
Proton VPN outlined a potential workaround in its blog post documenting the issue. Users should first connect to a VPN server, enable Airplane Mode on their iOS device (to kill all internet connections and temporarily disable the VPN) and then disable Airplane Mode. The VPN should then reconnect, and all internet connections should be re-established through the VPN tunnel. However, Proton VPN does warn that there is no 100% guarantee that this method will work.
“This is something that has unfortunately lingered despite us repeatedly raising the matter with Apple over a long stretch of time. Knowing that, it’s worth reiterating that this issue is a byproduct of an iOS flaw,?not some kind of bug within Proton VPN,” a Proton spokesperson told CNET in an emailed statement. “The leak likewise affects VPN services across the board, not simply Proton. This situation is obviously suboptimal, but it does not expose user browsing history or other online activity.”? ?
- VPN Trackers: What to Know and How to Protect Your Privacy
- Best iPhone VPN of 2022
- Best VPN Service of 2022: Top Picks by Our VPN Experts