Skip to main content

Yet another critical VPN-related bug found in iOS 16

It was sometime in May when a security expert first revealed that iPhone VPN apps were leaking users' data, claiming that Apple wasn't doing anything to fix it

Now, only a few months later, another major issue has been found when using VPN software on iOS. In this instance, some of people's most sensitive information is in real danger.  

Another expert has recently discovered that many Apple apps, including Health and Wallet, send users' private data outside an active VPN tunnel. 

However, the best VPN services are not the ones to blame here. 

See more

Apple apps bypass VPN encryption

"We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests," developer and security researcher Tommy Mysk tweeted on October 12.

Theoretically, when you connect to a secure VPN, your data is encrypted and passed through one of its international servers before it reaches it destination. This means that neither your ISP, nor any other third party should be able to access this flow of information. Similarly, the websites you visit won't be able to define your real IP address or any other identifying details.

Mysk ran a few tests on iOS 16 with both Proton VPN and Wireshark active. To his dismay, he and his team found out that many Apple apps actually ignore the VPN tunnel and exchange data directly with Apple servers.

What's worse, the applications leaking data are actually those managing the most private and sensitive information. These are Health, Wallet, Apple Store, Clips, Files, Find My, Maps and Settings.  

Talking about the reasons behind this bug, Myks seems to believe that Apple does so intentionally. 

"There are services on the iPhone that require frequent contact with Apple servers, such as Find My and Push Notifications. However, I don’t see an issue of tunneling this traffic in the VPN connection. The traffic is encrypted anyways,”  he told 9to5Mac, adding that they didn't expect such an amount of traffic to be exposed. 

Not just iOS VPN

As Mysk confirms during his testing, iPhone and iPad users are not the only ones risking their privacy. 

"I know what you're asking yourself and the answer is YES. Android communicates with Google services outside an active VPN connection, even with the options Always-on and Block Connections without VPN," he said. 

Just a few days ago we reported on Mullvad VPN's findings that Android devices are quietly undermining VPN services during its last security audit. 

Here, Android VPNs expose users' data while performing connectivity checks when accessing some Wi-Fi networks.  

The VPN provider pledged Google to add an option to opt out for these checks when the VPN is active, but the big tech giant believes there's no need for this. This is why Mullvad is now pushing for at least changing the "misleading" description of its VPN-related features.   

Source: TechRadar

Popular posts from this blog

Cyber Monday Canada: Last-minute deals for everyone on your list

Best Cyber Monday Canada deals: Smart Home Audio Phones, Tablets & Accessories Wearables Laptops & PC Components Amazon products Gaming Televisions Cameras Lifestyle & Kitchen Toys & Kids Cyber Monday Canada is here, and retailers are rolling out the red carpet for customers who want to shop for everything from tech to kitchenware to games and everything in between. Unlike years past, Cyber Monday Canada deals look a bit different than normal. Instead of retailers trying to pack their stores with as many shoppers as possible, we're seeing tons of online deals that you can take advantage of from the comfort of your home. We've rounded up our favorites below, so feel free to browse through the best of what Canada Cyber Monday has to offer! This list is being updated with new Cyber Monday deals all the time, so check back often. Spotlight deals It's a Switch Nintendo Switch Fortnite Edition bundle $399.95 at Amazon It's a Switch.

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri

Slack’s new integration deal with AWS could also be about tweaking Microsoft

Slack and Amazon announced a big integration late yesterday afternoon. As part of the deal, Slack will use Amazon Chime for its call feature, while reiterating its commitment to use AWS as its preferred cloud provider to run its infrastructure. At the same time, AWS has agreed to use Slack for internal communications. Make no mistake, this is a big deal as the SaaS communications tool increases its ties with AWS, but this agreement could also be about slighting Microsoft and its rival Teams product by making a deal with a cloud rival. In the past Slack CEO Stewart Butterfield has had choice words for Microsoft saying the Redmond technology giant sees his company as an “existential threat.” Whether that’s true or not — Teams is but one piece of a huge technology company — it’s impossible not to look at the deal in this context. Aligning more deeply with AWS sends a message to Microsoft, whose Azure infrastructure services compete with AWS. Butterfield didn’t say that of course

iPhone 13 Pro vs. iPhone 15 Pro Buyer's Guide: 50+ Differences Compared

The iPhone 15 Pro brings over 50 new features and improvements to Apple's high-end smartphones compared to the iPhone 13 Pro, which was released two years prior. This buyer's guide breaks down every major difference you should be aware of between the two generations and helps you to decide whether it's worth upgrading. The ‌iPhone 13‌ Pro debuted in 2021, introducing a brighter display with ProMotion technology for refresh rates up to 120Hz, the A15 Bionic chip, a telephoto camera with 3x optical zoom, Macro photography and photographic styles, Cinematic mode for recording videos with shallow depth of field, ProRes video recording, a 1TB storage option, and five hours of additional battery life. The ‌iPhone 13‌ Pro was discontinued upon the announcement of the iPhone 14 Pro in 2022, but it is still possible to get hold of it second-hand. Our guide helps to answer the question of how to decide which of these two iPhone models is best for you and serves as a way to c