Flaw 2: Many Apple apps are excludedĭeveloper and security researcher Tommy Mysk read our coverage and was intrigued. However, Michael Horowitz found that not only did this not reliably happen, but that iOS doesn’t allow VPN apps to close all existing non-secure connections. Flaw 1: Failing to close existing connectionsĪs soon as you activate a VPN app, it should immediately close down all existing (non-secure) data connections, and then reopen them inside the secure “tunnel.” This is an absolutely standard feature of any VPN service. Similarly, the websites and servers you are accessing don’t get access to your IP address, location, or other identifying data – your traffic appears instead to be originating from the VPN server. The usual analogy is it’s like using a secret tunnel from your device to the VPN server. All they can see is that you are using a VPN. Your data is protected from an ISP, carrier, or hotspot operator. That means that your ISP can see who you are and which sites and services you are accessing – and also puts you at risk from fake Wi-Fi hotspots.Ī VPN instead sends your data in encrypted form to a secure server. They then forward it to the remote server. Normally, when you connect to a website or other server, your data is first sent to your ISP or mobile data carrier.
The second is that many Apple apps send private data outside the VPN tunnel, including Health (above) and Wallet … The first problem was that opening a VPN app should close all existing connections, but didn’t. A security researcher back in August found a significant flaw in iOS VPN apps, and a second researcher has now demonstrated another major issue.
0 kommentar(er)
