{"id":48950,"date":"2022-08-18T09:48:01","date_gmt":"2022-08-18T09:48:01","guid":{"rendered":"https:\/\/harchi90.com\/all-ios-vpns-are-worthless-and-apple-knows-it-claims-researcher\/"},"modified":"2022-08-18T09:48:01","modified_gmt":"2022-08-18T09:48:01","slug":"all-ios-vpns-are-worthless-and-apple-knows-it-claims-researcher","status":"publish","type":"post","link":"https:\/\/harchi90.com\/all-ios-vpns-are-worthless-and-apple-knows-it-claims-researcher\/","title":{"rendered":"All iOS VPNs are worthless and Apple knows it, claims researcher"},"content":{"rendered":"<div>\n<p style=\"font-size:.9em;\">&#13;<br \/>\n        <em>AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases.  These affiliate partnerships do not influence our editorial content.<br \/>\n        <\/em>&#13;\n    <\/p>\n<\/div>\n<div>\n<p>A detailed new report says that a long-time bug in iOS prevents any VPN from fully encrypting all traffic \u2014 and also claims that Apple has known about it and chosen to do nothing since discovery in 2020<\/p>\n<div class=\"col-sm-12\">\n<p>The vulnerability was first discovered by VPN firm ProtonVPN in March 2020. At the time, the company said that when a VPN is switched on, the OS should terminate all internet connections and automatically re-establish them via the VPN to prevent unencrypted data leakage.<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>In iOS 13.3.1 and later versions, devices connecting with a VPN didn&#8217;t close and re-open connections.  Consequently, it was possible that a user would unknowingly in part continue to use the insecure connection they had before turning on the VPN.<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common,&#8221; said the company at that time.<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>Now Michael Horowitz, who describes himself as an independent computer consultant and blogger, says the vulnerability still exists.  In a copiously illustrated 7,500 word post about the issue, Horowitz repeatedly found significant data leaks when using VPNs on iOS.<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;It takes so little time and effort to re-create this, and the problem is so consistent, that if [Apple] tried at all, they should have been able to re-create it,&#8221; he writes.  Maybe they are hoping, that like ProtonVPN, I will just move on and drop it.  Dunno.&#8221;<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>In short, Horowitz looked at the data stream that was exiting the iPad while different VPNs were being used.<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;At first, they appear to work fine,&#8221; he writes.  &#8220;But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks.&#8221;<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;Data leaves the iOS device outside of the VPN tunnel,&#8221; continues Horowitz.  Using a newly-updated iPad and turning on a VPN, he recorded what he described as &#8220;another flood of requests&#8230; traveling outside the VPN tunnel.&#8221;<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>Horowitz stopped after repeatedly documenting similar issues.<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;I am simply interested in whether there is a problem, yes or no,&#8221; he said.  &#8220;I am not interested in fully defining\/debugging the problem. That&#8217;s for Apple.&#8221;<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>Horowitz&#8217;s detail includes his failed attempts to discuss the issue with Apple and the government&#8217;s Cybersecurity and Infrastructure Security Agency (CISA).<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>&#8220;At this point, I see no reason to trust any VPN on iOS,&#8221; he concludes.  &#8220;My suggestion would be to make the VPN connection using VPN client software in a router, rather than on an iOS device.&#8221;<\/p>\n<\/div>\n<div class=\"col-sm-12\">\n<p>Horowitz&#8217;s research has concentrated on the use of third-party VPNs.  He has not reported on whether there are any issues using Apple&#8217;s Private Relay.  Apple doesn&#8217;t consider the Private Relay to have the same functionality as a full VPN, however.<\/p>\n<\/div>\n<\/div>\n<p>    .<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#13; AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content. &#13; A detailed new report says that a long-time bug in iOS prevents any VPN from fully encrypting all traffic \u2014 and also claims that &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/all-ios-vpns-are-worthless-and-apple-knows-it-claims-researcher\/\"> <span class=\"screen-reader-text\">All iOS VPNs are worthless and Apple knows it, claims researcher<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[6533,6530,2302,6522,6523,453,6513,1702,6519,6524,6532,3356,3946,6517,6518,6510,2271,6515,6516,6529,6512,6514,6511,3381,6531,6520,6521,6525,4013,6526,6528,6527,1514,6536,1081,6534,6535,1065],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":14206,"url":"https:\/\/harchi90.com\/jony-ive-is-no-longer-consulting-for-apple\/","url_meta":{"origin":48950,"position":0},"title":"Jony Ive is no longer consulting for Apple","date":"July 14, 2022","format":false,"excerpt":"\r AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content. \r Apple and Ive's design firm, LoveFrom, are no longer working together, with both parties choosing not to extend the\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10547,"url":"https:\/\/harchi90.com\/first-touch-bar-macbook-pro-models-will-become-vintage-on-july-31\/","url_meta":{"origin":48950,"position":1},"title":"First Touch Bar MacBook Pro models will become vintage on July 31","date":"July 10, 2022","format":false,"excerpt":"\r AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content. \r Apple will be placing its first models of MacBook Pro equipped with the Touch Bar to its list of\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":48744,"url":"https:\/\/harchi90.com\/apple-aiming-for-sept-7-to-unveil-iphone-14-apple-watch-series-8\/","url_meta":{"origin":48950,"position":2},"title":"Apple aiming for Sept.  7 to unveil iPhone 14, Apple Watch Series 8","date":"August 18, 2022","format":false,"excerpt":"\r AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content. \r Apple is reportedly planning on holding its iPhone 14 and Apple Watch Series 8 launch event on Sept. 7,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28064,"url":"https:\/\/harchi90.com\/production-quality-problems-force-apple-to-change-iphone-14-suppliers\/","url_meta":{"origin":48950,"position":3},"title":"Production quality problems force Apple to change iPhone 14 suppliers","date":"July 28, 2022","format":false,"excerpt":"\r AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content. \r Analyst Ming-Chi Kuo says that it appears the iPhone 14's rear lenses have caused problems for one supplier, causing\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/photos5.appleinsider.com\/gallery\/49926-97835-000-lead-VPN-xl.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/48950"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=48950"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/48950\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=48950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=48950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=48950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}