Skip to main content

Yet another critical VPN-related bug found in iOS 16

It was sometime in May when a security expert first revealed that iPhone VPN apps were leaking users' data, claiming that Apple wasn't doing anything to fix it

Now, only a few months later, another major issue has been found when using VPN software on iOS. In this instance, some of people's most sensitive information is in real danger.  

Another expert has recently discovered that many Apple apps, including Health and Wallet, send users' private data outside an active VPN tunnel. 

However, the best VPN services are not the ones to blame here. 

See more

Apple apps bypass VPN encryption

"We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests," developer and security researcher Tommy Mysk tweeted on October 12.

Theoretically, when you connect to a secure VPN, your data is encrypted and passed through one of its international servers before it reaches it destination. This means that neither your ISP, nor any other third party should be able to access this flow of information. Similarly, the websites you visit won't be able to define your real IP address or any other identifying details.

Mysk ran a few tests on iOS 16 with both Proton VPN and Wireshark active. To his dismay, he and his team found out that many Apple apps actually ignore the VPN tunnel and exchange data directly with Apple servers.

What's worse, the applications leaking data are actually those managing the most private and sensitive information. These are Health, Wallet, Apple Store, Clips, Files, Find My, Maps and Settings.  

Talking about the reasons behind this bug, Myks seems to believe that Apple does so intentionally. 

"There are services on the iPhone that require frequent contact with Apple servers, such as Find My and Push Notifications. However, I don’t see an issue of tunneling this traffic in the VPN connection. The traffic is encrypted anyways,”  he told 9to5Mac, adding that they didn't expect such an amount of traffic to be exposed. 

Not just iOS VPN

As Mysk confirms during his testing, iPhone and iPad users are not the only ones risking their privacy. 

"I know what you're asking yourself and the answer is YES. Android communicates with Google services outside an active VPN connection, even with the options Always-on and Block Connections without VPN," he said. 

Just a few days ago we reported on Mullvad VPN's findings that Android devices are quietly undermining VPN services during its last security audit. 

Here, Android VPNs expose users' data while performing connectivity checks when accessing some Wi-Fi networks.  

The VPN provider pledged Google to add an option to opt out for these checks when the VPN is active, but the big tech giant believes there's no need for this. This is why Mullvad is now pushing for at least changing the "misleading" description of its VPN-related features.   

Source: TechRadar

Popular posts from this blog

Uber Eats exits seven markets, transfers one as part of competitive retooling

Uber Eats is pulling out of a clutch of markets — shuttering its on-demand food offering in the Czech Republic, Egypt, Honduras, Romania, Saudi Arabia, Uruguay and Ukraine. It’s also transferring its Uber Eats business operations in the United Arab Emirates (UAE) to Careem, its wholly owned ride-hailing subsidiary that’s mostly focused on the Middle East. “Consumers and restaurants using the Uber Eats app in the UAE will be transitioned to the Careem platform in the coming weeks, after which the Uber Eats app will no longer be available,” it writes in a regulatory filing detailing the operational shifts. “These decisions were made as part of the Company’s ongoing strategy to be in first or second position in all Eats markets by leaning into investment in some countries while exiting others,” the filing adds. An Uber spokesman said the changes are not related to the coronavirus pandemic but rather related to an ongoing “strategy of record” for the company to hold a first or s

Keep your Oculus Quest controllers going strong with these batteries

The Touch Controllers for the Oculus Quest 2 ship with one disposable AA battery each, but once those run out of juice, you should invest in the best Oculus Quest 2 replacement batteries to fill in for them. While the Touch Controllers last much longer than the headset's limited battery, it's still wise to invest in some rechargeable batteries or a stack of disposable batteries to stop your VR sessions from getting disrupted. Here are the batteries and chargers we recommend for your Oculus Touch controllers. Best rechargable batteries + charger Panasonic K-KJ55MCA4BA 3 Hour Quick Charger with 4 AA eneloop Rechargeable Batteries Staff Pick These rechargeable batteries store up to 2,000 mAh of power and can be recharged up to 2,100 times. They can be charged completely from dead or partially charged without damaging the energy storage memory. We recommend buying them with the quick charger accessory, which will get your AAs recharged in no time, but you can also purchas

These Android games support Bluetooth controllers and they're better for it

Gaming is simply better with a controller in your hands. Gaming on Android typically requires you to settle for using touchscreen controls. However, some gracious game developers take the time and effort to add support for Bluetooth gamepads— and we love them for it. Since so few games provide this feature, we've taken the time to test and compiled our list of the best games that let you play with the best Bluetooth controller in your hands. We'd also recommend getting a Style Ring or PopSocket which can help prop your phone up at a good angle for gaming. You might recognize some of these games from the best Android games roundup and for good reason. But you're here for the best games with controller support, after all, so here I present to you the best you can find on the Play Store. The games Call of Duty Mobile GRID Autosport Tesla vs Lovecraft Evoland 2 Horizon Chase World Tour Riptide GP: Renegade Modern Combat 5: Blackout GTA: San Andreas Oceanhor

What ancient advice can teach us about AI

Artificial Intelligence (AI) is everywhere. Siri, Alexa and Google Assistant have become indispensable to millions of users. Tesla Autopilot has the potential to change driving forever. And IBM Watson took a new job providing big data solutions to corporations after its first job was in jeopardy. Those are just the most prominent examples. Helpful applications of AI are being deployed in a broad spectrum of industries, but AI also has the potential to be misused. About the author  Jason Egnal is Chief Marketing Officer at Zenfolio . His background spans a variety of industries, including SaaS, AI, Fintech and Consumer Electronics.  Zenfolio, the website builder and photo sharing site , recently introduced technology that applies AI to assist photographers in selecting the best photos from the thousands of shots typically taken during a photo session. The advanced image recognition technology is tremendously powerful and can make photographers more efficient than they ever d