That virtual private network (VPN) you’re using to encrypt your mobile data? There’s a good chance it leaks. A virtual private network (VPN) icon may be seen in the status bar of an iPhone used by a businessperson. Virtual Private Networks, or VPNs, are analogous to an encrypted data pipeline.
The tunnel protects the integrity of a connection to a corporate network, conceals the origin and destination of data for dissidents in hostile regimes, or merely provides access to American Netflix from outside the United States. However, security expert Michael Horowitz found that iOS’s VPN pipes leak just as easily as the water pipes in a shabby New York hotel.
“A VPN encrypts the data between any iOS device and the internet, and it also hides your device’s IP address,” Hamza Hayat Khan of Ivacy VPN told Lifewire via email. “Operating systems are designed to terminate any active network connections before reestablishing them through the encrypted VPN tunnel. That’s how everyone and everything could travel unseen. However, iOS does not terminate all active connections before initiating new ones.”
Broken Virtual Private Networks
A virtual private network (VPN) is a system that encrypts and conceals all of your internet traffic by rerouting it through another server. They can conceal your location as well as the contents of your outgoing and incoming communications.
The path is completely opaque, so no one can see anything. And certainly not your Internet service provider. That’s why they’re perfect for keeping sensitive corporate data secure when employees are working from home and for hiding from an oppressive government.
Unfortunately, the privacy-protecting abilities of some VPN programs may be compromised by their potential to share your data with third parties or by failing to encrypt your traffic.
The word “100%” is the most crucial aspect of this sentence. VPNs only serve their purpose when they route all traffic. I mean, why bother if that’s not the case?
“iOS has a problem with virtual private networks. They seem to function normally at first, “Horowitz composes a post on his blog. “However, persistent monitoring of outgoing traffic from an iOS device reveals that the VPN tunnel is insecure over time. The iOS device’s data travels outside of the encrypted VPN channel.”
There isn’t just one company or service affected by this issue. Horowitz ran tests on several other providers and discovered the same issue on each. The vulnerability is present in iOS and is not recent. By March 2020, Proton VPN has already informed the public about the breach.
To address Proton’s worries, Apple installed a “kill switch” that disconnects users from the internet when they aren’t connected to a Virtual Private Network. As Proton puts it, this “sort of works,” but there is still some data leakage.
How does this affect you as a Virtual Private Network customer? I guess that depends on your intended purpose. No big deal if all you’re doing is utilizing a VPN to watch Netflix from another country. Nothing bad will happen to you if data spills, save maybe Netflix or someone else finding out where you actually are. You can just close the app and relaunch it to fix this problem.
Connecting to a corporate network via a VPN to safeguard data in transit is another scenario when you might be fine. According to Proton, “critical traffic cannot be tracked even if you utilize Proton VPN when connected to public WiFi.” The issue at hand is one of misplaced trust. If a virtual private network (VPN) is unable to perform its primary function, then you cannot put your trust in it.
You may stop using iOS devices altogether as one option. Proton claims that “DNS inquiries from Apple services” are the data that escapes through the cracks in their kill switch in their most recent blog post. With just your IP address and that information, it might be possible to locate you on a map.
Guarding One’s Own Interests
The only method to prevent these leaks, according to data scientist Apurv Sibal’s email to Lifewire, is to not utilize a virtual private network (VPN) program or a firewall on your iOS device. “VPN apps are still available for iOS users to conceal their online activities and avoid being tracked.”
Problems with virtual private networks (VPNs) are constant. Everything that goes in and out of your phone/computer will be routed through them, therefore it’s important to do thorough background checks. It could be more detrimental to your health to use the wrong one than not to use one at all.
“But it’s crucial to understand that not all VPN programs are made equal,” explains Sibal. “There is a risk to your privacy if you use a VPN program that does not properly encrypt your traffic or that sells your data to third parties. Do your homework before committing to a VPN service, and only download software from a trusted developer.”