Research proves that VPNs running on Apple devices keep the connection insecure and open, leading to data exposure.
Earlier this week, a security researcher revealed that iOS devices do not fully secure the network traffic and connection through VPNs as one would expect.
According to a tech security researcher and blogger named ‘Michael Horowitz,’ every VPN on Apple devices is broken. As a result, the iOS devices have been leaking data for more than two years. He puts it plain and simple in a blog post: “VPNs on iOS are broken.”
In the blog, the researcher has written that VPN is a third-party app that seems to operate fine initially, providing the device with a unique DNS server, an IP, and a secure tunnel to direct network traffic. However, connections and servers established before activating a VPN are not completely turned down. The problem is that if advanced router logging is involved, data can be sent outside the tunnel.
This security report of Horowitz is backed up by an old report in May of 2020 that shares the same thoughts as him. Put simply, a user must terminate every connection and session before activating a secure connection with a VPN. In the case of iOS VPNs, this doesn’t seem to happen.
He further wrote: “Data leaves the iOS device outside of the VPN tunnel. This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6.”
A potential workaround
Back in 2020, Apple added a kill switch to terminate all the connections and services of iOS VPNs before activation. Moreover, ProtonVPN had suggested that activating airplane mode after VPN activation can turn off every device’s connections. Turning off the airplane mode with the VPN still activated should restart the connections and sessions inside the network tunnel.
However, the airplane method is not so reliable as users have control of Wi-Fi settings, regardless of airplane mode. So, they can confuse this process.
As of now, Horowitz condemns the use of VPNs on Apple devices. To avoid the network traffic leak, users should use a VPN activated from a router to secure the entire network.