Apple VPN Leakage Goes Unaddressed

re: security and VPN

A leaky VPN (virtual private network) can get you imprisoned or killed in some repressive countries if information is leaked to authorities*. That’s as serious a bug as it gets.

Mac Rumors: iOS 16 VPN Tunnels Leak Data, Even When Lockdown Mode Is Enabled

...Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16's approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel.

In August, it again emerged that third-party VPNs for iOS and iPadOS routinely fail to route all network traffic through a secure tunnel after they have been turned on – an issue that Apple has purportedly known about for years.

Typically, when a user activates a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. In iOS, security researchers have found that sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.

According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16.

Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge:

...

MPG: a class action lawsuit seems appropriate.

* Such as in China, where Apple cozies up to the CCP and carefully avoids any criticism of the regime whose horrific abuses of its people (concentration camps, organ harvesting, etc.) should sicken anyone of conscience. All while being plenty woke here in the USA. Follow the money. No one seems to notice.

Michael A writes:

To the VPN scam on iOS:

This guy has a very actual site on the topic:
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php#wherestands

and also a very good security advice site

https://defensivecomputingchecklist.com/

worth reading ;-)

MPG: for Apple to let this issue sit for so long is unconscionable. And maybe intentional, who can say for sure?

Copyright © 2020 diglloyd Inc, all rights reserved.