[ad_1]
There is a bug inside iOS which prevents any VPNto fully encrypt all traffic: this is not a recent discovery, as the problem was discovered in the course of 2020, but Apple is aware of it and so far has chosen not to do anything about its resolution.
This is a vulnerability first identified by Proton VPN in March 2020. When any VPN is activated, the operating system should terminate all active connections and automatically reestablish them via the VPN, in order to prevent any communication channels can remain outside the VPN and therefore transmit unencrypted traffic.
Proton VPN then discovered that starting with the version 13.3.1 of iOS this did not happen, leaving the user in the possible situation of unknowingly using unsecured connections, mostly those already in place before the activation of the VPN. “The people most at risk from this defect are those who live in countries where surveillance and violation of civil rights are the order of the day,” the company said at the time.
Computer scientist Michael Horowitz found that the vulnerability still exists. Not hesitating to define VPNs on iOS as a “scam”, the researcher published a in-depth analysis of the problem, where he explains that he has repeatedly encountered “significant data loss” (understood as data traveling outside the VPN) while using a VPN on iOS. Horowitz looked at the iPad’s outbound data traffic while using different VPNs and found how a lot of data actually travels outside the secure connection in most cases, even with iOS updated to the latest version.
Horowitz says he contacted both Apple and the US CISA, but received no useful feedback. The researcher suggests using a dedicated router on which to configure a VPN when it is necessary to protect the traffic of devices with iOS, but this solution obviously only applicable in the home environment and under our direct control. A VPN is usually used even in those cases where it is necessary to connect to third-party networks and you want to protect traffic from prying eyes and in these cases there would be no “artisan” solution able to solve the problem.
.
[ad_2]
Source link
