The use of virtual private networks, VPN by its name in English, is a common practice of safe internet browsing to prevent websites from collecting users’ personal information. However, the iOS devicesfrom Apple, present a flaw in the use of these tools that avoids data protection.
According to reports, Apple has been aware of this failure since March 2020, more than two years ago, at which time the company was contacted by a service called ProtonVPN to report the leak that could put the protection of users’ data at risk. iOS device users.
For his part, researcher Michael Howowitz indicated that the use of vpn in devices of Manzana “it is a scam” because, during the tests it carried out for the security of the data during navigation using VPN, the problem of the information leak appears at least until the version 15.6.1 of the iOS system.
What is the fault
Horowitz indicates on his personal website that, in principle, virtual private networks seem to work adequately, but that the information contained within the device begins to leak because the connections and sessions that were established prior to the start of the secure browsing they continue to transmit information even though they shouldn’t.
ProtonVPN, who reported this issue in 2020, stated that the sessions and connections of the iPhone they reset during VPN use and emitted data even up to several hours after termination. navigation.
This security problem for users is not only present when using a certain VPN service, but Horowitz’s tests indicate that it is a problem present in several services and from various providers.
Users can’t access Apple solutions
On August 19, Horowitz indicated that he was able to contact Apple to discuss the security of VPN services on their devices. But the company indicated that “the behavior (leakage of information during VPN sessions) is expected.”
In addition, they indicated that iPhones have a function called ‘Always on VPN‘ from Mobile Device Management. However this was designed and is intended for companies that manage multiple devices, not for a regular Apple user.
The researcher mentions on his website that the company also mentioned that the API option, introduced in version 14 of the operating system iOSis a possible solution but, again, this is only reserved for company developers and not for end users of the devices.
For Horowitz, the solution to secure browsing is not to use a VPN service on a device that uses iOS as the operating system, since the bug also involves iPads and Macs, but instead it is more advisable to use this service while browsing on desktop computers connected to a router.
In the most recent update on his website, published on August 22, Horowitz indicates that he considers it unlikely that the technology company will take action to correct the bug and that, for its part, the VPN services they will be affected due to the leak of information in that operating system, so it will be difficult for them to campaign for the situation to change.
“Maybe if a lot of companies came together, they could lead Apple to do the right thing,” he concluded.
Apple and the iPhone 14 release date
Apple warned of serious security flaws in iPhones, iPads and Macs
Apple launches a new feature to protect users from cyber attacks