To keep their internet usage safe, the public uses a VPN encrypted connection for protection. Recently, a study found that an app developed by Apple itself can bypass the secure connection of different VPN services.
A Twitter user “Mysk” shared on Twitter the results of his own tests using the “ProtonVPN” VPN and analyzer “Wireshark”, he found that DNS requests from some Apple apps on iOS 16, when communicating with Apple servers VPNs are ignored.
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple Services that escape the VPN connection include Health, Maps, Wallet.
We used @ProtonVPN and #Wireshark. Details in the video:#CyberSecurity #Privacy pic.twitter.com/ReUmfa67ln
— Mysk 🇨🇦🇩🇪 (@mysk_co) October 12, 2022
Apple apps suspected of leaking data include Apple Store, Clips, Files, Find My, Health, Maps, Settings, and Wallet, while most apps, such as Health, handle private user information. Mysk also found that Android apps behave the same way when dealing with Google services.
As early as 2013, Apple was pointed out by the VPN service provider “ProtonVPN” that in the iOS 13.3.1 system, there is a situation in which the VPN encrypted connection is avoided, which may prevent the VPN from fully encrypting the data. Once the user has enabled the VPN, it cannot be terminated. Existing network connections, thereby exposing data and IP addresses.
Security researcher Michael Horowitz also discovered in August that the vulnerability still exists in iOS, and he said he doesn’t know why the problem has not been fixed.
unwire.hk Mewe pages: https://mewe.com/p/unwirehk