VPNs on iOS may not work as expected

Perhaps the title above is "softer" than the actual reach of the news: the security researcher who analyzed the effectiveness of VPNs on iOS titled his article "VPNs on iOS are a scam".

VPNs are programs that hide network activity by creating a secure connection between your device and the Internet. When you connect to the Internet through a VPN, all of your data traffic is sent through an encrypted virtual tunnel. So what is behind this statement by Michael Horowitz, a cybersecurity expert who openly describes VPNs on iOS as broken?

According to the researcher, at first any VPN on iOS seems to work as it should, because it provides a new IP address, a new DNS server and a tunnel for new data traffic. But sessions and connections established before the VPN is activated are not terminated, and they continue sending data outside the VPN tunnel. The implications of the study are staggering: the VPN client would have to disconnect existing connections before establishing a secure connection, so that they can be reestablished inside the tunnel. VPNs on iOS fail to do this, Horowitz says, agreeing with similar research by ProtonVPN from May 2020 on iOS 13.3.1. Most existing connections will eventually end up inside the tunnel, but some, like Apple's push notification service, can last for hours.
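One way to check for the behaviour described above from the network side, as an added example (not code from Horowitz's article or from ProtonVPN): it scans flow records from an upstream router for traffic that is not addressed to the VPN server after the VPN came up. The log format, the addresses and the `find_leaks` helper are assumptions, and the sample records are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed flow records, as an upstream router might export them (not real data).
# Columns: first_seen, last_seen, src, dst, dport
SAMPLE_FLOWS = """\
2022-08-01T10:00:05,2022-08-01T12:40:00,192.0.2.10,198.51.100.7,5223
2022-08-01T10:01:00,2022-08-01T10:01:30,192.0.2.10,198.51.100.20,443
2022-08-01T10:05:00,2022-08-01T13:00:00,192.0.2.10,203.0.113.50,1194
2022-08-01T10:04:40,2022-08-01T10:05:20,192.0.2.10,198.51.100.30,443
2022-08-01T10:09:00,2022-08-01T10:09:10,192.0.2.10,198.51.100.40,443
"""

def find_leaks(flow_csv, device_ip, vpn_endpoint, vpn_up, grace=timedelta(seconds=30)):
    """Return flows from device_ip that bypass the tunnel after the VPN came up.

    A flow counts as a leak when it is seen on the physical link, is not
    addressed to the VPN endpoint, and is still active after vpn_up + grace.
    """
    leaks = []
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue
        first, last = (datetime.fromisoformat(t) for t in row[:2])
        src, dst, dport = row[2], row[3], int(row[4])
        if src != device_ip or dst == vpn_endpoint:
            continue  # another device, or the encrypted tunnel itself
        if last <= vpn_up + grace:
            continue  # closed before, or just after, activation
        leaks.append({
            "dst": dst,
            "dport": dport,
            # "pre-existing" is the case the article describes
            "kind": "pre-existing" if first < vpn_up else "new",
            "outside_tunnel_for": last - max(first, vpn_up),
        })
    # Longest-lived leaks first: these expose the real IP for the longest time.
    return sorted(leaks, key=lambda l: l["outside_tunnel_for"], reverse=True)

if __name__ == "__main__":
    up = datetime(2022, 8, 1, 10, 5, 0)  # constructed VPN activation time
    for leak in find_leaks(SAMPLE_FLOWS, "192.0.2.10", "203.0.113.50", up):
        print(leak)
```
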

According to Horowitz, connections that do not go through the tunnel may not be encrypted, and the user's IP address and the address they are connecting to may be exposed to ISPs and other parties, which raises personal security concerns for users in countries governed by regimes. Horowitz tested several apps and VPN providers (such as OpenVPN) on later versions of iOS, up to iOS 15.6, and found the same result, including on connections to Apple and Amazon Web Services. To solve the problem, ProtonVPN had suggested blocking all connections before activating the VPN by setting airplane mode and then deactivating it, but could not guarantee its effectiveness.

What can we do then? Although Horowitz does not consider the case of a split tunnel VPN, where two connections are maintained at the same time, one with encrypted traffic and one with unencrypted traffic, the only solution he offers is to use a dedicated VPN router. Apple and OpenVPN haven't commented yet, but this is a big problem, on top of the inherent one of finding the "best VPN" among commercial providers that are not always reliable, with issues including data leaks, ownership that is not exactly clear and unencrypted servers. If you want to read the original article, you can find it in the link below, but it can be summarized with its final comment: Leak, leak and more leak.