Michael Horowitz, a popular cybersecurity expert, posted a story on his website Thursday that sparks questions about network security in iOS. According to the researcher, the iPhone operating system does not allow VPN apps to work properlycausing users to not be fully protected.
The VPN, or “virtual private network”, has the function of hiding the identity of users on the internet by changing their IP address, and for it to work correctly, it is necessary that all existing connections of the device are disabled so that no breach opens space for leaks, but the iOS default settings do not allow this to occur.
Horowitz explains that, when connecting a device to the internet, its data is sent to its operator or to the administrator of a public network, which opens security holes in different cases. With a VPN, your data is encrypted and sent to a secure server that prevents outside parties from seeing your web traffic.
In practice, VPN apps for iOS are able to mask the IP address, but full security is only guaranteed by disabling all data connections so they can be re-enabled with a virtual private network mask. O iPhone won’t allow all connections to be resettherefore, the VPN does not operate correctly.
VPNs for iOS are broken. At first, they seem to work fine. The device gets a new public IP address and new DNS servers, [então] the data is sent to the VPN server. But over time, a close inspection of the data coming out of the device shows that the “tunnel” leaks the data.
Michael Horowitz
Cyber security specialist
The “tunnel” analogy is the most common to explain how VPNs work — it’s as if all your data goes through an invisible channel for ISPs.
Horowitz says he tested the virtual private networks under multiple conditions, using different apps and versions of iOS. According to his research, this issue has been going on for several years — from the release of iOS 13.3.1 — to the present day. The latest analyzed build that still has this flaw is iOS 15.6.
Among the connections that cannot be closed is the iPhone push notifications service. The expert claims that insecure channel between device and internet may remain open for hours without being able to be protected by the VPN.
Such findings date back to March 2020, at which time ProtonVPN first identified this issue with the release of iOS 13.3.1.
A community member found that in iOS version 13.3.1, the operating system does not close existing connections. Most connections have a short execution time and are eventually re-established through the VPN. However, some last for long periods and can remain open for hours outside the tunnel.
ProtonVPN
Apparently, Apple provides a feature that allows VPN app developers to disable all iPhone network connections. THE flag “includeAllNetworks” has been present in the Apple Developer documentation since 2019, but for some reason, is not enabled by default on iOS.
The function was even officially unveiled during the 2019 WWDC, specifically addressing VPN settings, but to this day, developers seem not to have used the tool to make their apps fully functional.
The Apple iPhone 13 is available from FastShop for BRL 5,149 and in Magazine Luiza for BRL 5,489. The cost-benefit is medium and this is the best model in this price range. To see the other 238 offers click here.
