Virtual private networks on Apple’s iOS devices will not work due to a software bug, according to a prominent expert, jeopardizing the security of potentially millions of users.
In a report, independent computing consultant and former CNET contributor Michael Horowitz said a previously known VPN flaw in iOS devices still persists. The bug was first pointed out by ProtonVPN in 2020. In short, iOS devices allow some user data to leak outside of the “tunnel” created by the VPN, potentially allowing data to be tracked or collected without the user’s knowledge.
“Right now, I see no reason to trust a VPN on iOS,” Horowitz said. “My suggestion would be to establish the VPN connection using VPN client software in a router rather than on an iOS device.”
Horowitz conducted his tests by connecting his iPad to a VPN and monitoring the iPad’s connection requests through his internet router. When the VPN was working, his router showed an outbound connection request from the iPad to the VPN and nothing new after that. Horowitz said the VPN appeared to work on his iPad for a few minutes, however, a “deluge” of connection requests were sent over the VPN after less than 20 minutes.
“A VPN that doesn’t do what it’s supposed to do,” Horowitz said bluntly. “Data is leaving my iPad and not traveling through the VPN tunnel.”
Horowitz said he contacted both Apple and the Cybersecurity and Infrastructure Security Agency to alert them to the issue, but received no response from tech giant Cupertino or CISA.
“It takes so little time and effort to recreate this and the problem is so consistent that they could have restored it if they had even tried,” he said. “None of my business. Maybe they’re hoping I’ll just move on like ProtonVPN and drop it. I dunno.”
VPNs are crucial data security tools, especially for people in potentially hostile countries. earlier this month, The New York Times reported that Russia is redirecting all internet traffic in occupied parts of Ukraine back to Russian networks. A VPN would allow Ukrainian users to bypass these Russian networks and remain undetected. Given the problem pointed out by ProtonVPN and Horowitz, iPhone users trying to use a VPN in Ukraine — and other hostile countries — could still be at risk.
Sign up to receive Daily Dot’s Internet Insider newsletter for urgent breaking news on the online front.
The post Using a VPN on iOS is still a major security risk first appeared on The Daily Dot.https://www.dailydot.com/debug/apple-ios-vpn-unsafe/ Using a VPN on iOS is still a major security risk