All Posts by Date or last 15, 30, 90 or 180 days.

As an Amazon Associate I earn from qualifying purchases @AMAZON

Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.

Apple VPN Leakage Goes Unaddressed

re: security and VPN

A leaky VPN (virtual private network) can get you imprisoned or killed in some repressive countries if information is leaked to authorities*. That’s as serious a bug as it gets.

Mac Rumors: iOS 16 VPN Tunnels Leak Data, Even When Lockdown Mode Is Enabled

...Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that ‌iOS 16‌'s approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel

In August, it again emerged that third-party VPNs for iOS and iPadOS routinely fail to route all network traffic through a secure tunnel after they have been turned on – an issue that Apple has purportedly known about for years.

Typically, when a user activates a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. In iOS, security researchers have found that sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.

According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and ‌iOS 16‌.

Mysk and Bakry have now discovered that ‌iOS 16‌ communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge:

...

MPG: a class action lawsuit seems appropriate.

* Such as in China, where Apple cozies up to the CCP and carefully avoids any criticism of the regime whose horrific abuses of its people (concentration camps, organ harvesting, etc) should sicken anyone of consience. All while being plenty woke here in the USA. Follow the money. No one seems to notice.

Michael A writes:

To the VPN scam on iOS:

This guy has a very actual site on the topic:
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php#wherestands

and also a very good security advice site

https://defensivecomputingchecklist.com/

worth reading ;-)

MPG: for Apple to let this issue sit for so long is unconscionable. And maybe intentional, who can say for sure?

View all handpicked deals...

FUJIFILM GF 20-35mm f/4 R WR Lens
$2499 $1999
SAVE $500

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | X.com/diglloyd
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__