Skip to main content

It's possible Apple's Private Relay VPN isn't so private after all

A potential security flaw in iCloud Private Relay can lead Apple’s VPN to ignore firewall rules and send some data back to the iPhone maker’s servers.

This leak itself was first discovered by the VPN company Mullvad which was monitoring network connections while working on its own app.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

For those unfamiliar, Private Relay functions in a similar way to a VPN tunnel or how Tor works by routing a user’s encrypted network through relay servers before it reaches the internet. The service is currently still in beta and is only available in certain regions though it also requires a paid iCloud+ subscription.

TechRadar Pro reached out to Apple regarding this potential leak in iCloud Private Relay but we’ve yet to hear back at the time of writing. However, since the service is still in beta, this issue could be rectified before it becomes generally available. Since iCloud Private Relay’s beta release coincided with the launch of iOS 15, Apple could make the service available in full with the release of iOS 16 in September of this year.

Ignoring firewall rules

According to a new blog post from Mullvad, the VPN company was monitoring network connections when it noticed that QUIC traffic was leaving one of its computers outside of a VPN tunnel.

Disabling Apple’s Private Relay feature made the leaks stop and the company has even provided instructions so that other users can reproduce the leak on their own. Mullvad also  pointed out in its blog post that Private Relay (mostly) disables itself as soon as any firewall rule is added to the Packet Filter (PF) system firewall on macOS devices. 

As such, the company believes that the leak itself is just some kind of heartbeat signal calling home to Apple. Although it’s impossible to know what information is transmitted to Apple’s servers, the leak does send a clear message to both your local network and ISP that you might be a macOS user.

At this time, Mullvad is unaware of any way to prevent Private Relay from leaking user traffic back to Apple but the company recommends that users disable the feature altogether for the time being if their threat model forbids their local network or ISP from knowing what kinds of devices they’re currently using.

Via AppleInsider



Source: TechRadar

Popular posts from this blog

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri

Cyber Monday Canada: Last-minute deals for everyone on your list

Best Cyber Monday Canada deals: Smart Home Audio Phones, Tablets & Accessories Wearables Laptops & PC Components Amazon products Gaming Televisions Cameras Lifestyle & Kitchen Toys & Kids Cyber Monday Canada is here, and retailers are rolling out the red carpet for customers who want to shop for everything from tech to kitchenware to games and everything in between. Unlike years past, Cyber Monday Canada deals look a bit different than normal. Instead of retailers trying to pack their stores with as many shoppers as possible, we're seeing tons of online deals that you can take advantage of from the comfort of your home. We've rounded up our favorites below, so feel free to browse through the best of what Canada Cyber Monday has to offer! This list is being updated with new Cyber Monday deals all the time, so check back often. Spotlight deals It's a Switch Nintendo Switch Fortnite Edition bundle $399.95 at Amazon It's a Switch.

Slack’s new integration deal with AWS could also be about tweaking Microsoft

Slack and Amazon announced a big integration late yesterday afternoon. As part of the deal, Slack will use Amazon Chime for its call feature, while reiterating its commitment to use AWS as its preferred cloud provider to run its infrastructure. At the same time, AWS has agreed to use Slack for internal communications. Make no mistake, this is a big deal as the SaaS communications tool increases its ties with AWS, but this agreement could also be about slighting Microsoft and its rival Teams product by making a deal with a cloud rival. In the past Slack CEO Stewart Butterfield has had choice words for Microsoft saying the Redmond technology giant sees his company as an “existential threat.” Whether that’s true or not — Teams is but one piece of a huge technology company — it’s impossible not to look at the deal in this context. Aligning more deeply with AWS sends a message to Microsoft, whose Azure infrastructure services compete with AWS. Butterfield didn’t say that of course

Turn your Raspberry Pi into a full-blown computer with the best screens

So you've already picked up the best Raspberry Pi kit , but you want to be able to actually see things, so you'll need to find the best Raspberry Pi screen. Then, of course, you'll need to find a display to use, regardless of whether you grabbed the Raspberry Pi 4 or even the Raspberry Pi 400 . So we've rounded up the best options to give your mini computer a display worth using. Super low power GeeekPi 7 Inch 1024x600 Capacitive Touch Screen HDMI Monitor Staff Pick This 7-inch capacitive display has a 1024x600 resolution and connects via HDMI. It also only requires 500mAh of power for its backlight. There are two additional USB ports for you to take advantage of and expand and extend. Plus, you won't have to worry about meddling around with any display drivers and can just plug and play this GeeekPi monitor with your Raspberry Pi. $70 at Amazon Ultimate flexibility ASUS VP28UQG 28" Monitor 4K/UHD Flexibility is the name of the game with a Raspber