On Thursday, Aug. 18, a well-known security researcher claimed that Apple has known about the broken iOS VPN apps for two and a half years now and that the tech giant has not done anything to fix it.
The security researcher Michael Horowitz wrote about the issue in his blog post titled "VPNs on iOS are a Scam."
Broken VPNs on iOS
In his blog, Horowitz wrote that iOS VPN apps work fine. The iOS device gets a new public IP address and new DNS servers, then the data is sent to the VPN server.
However, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks.
Horowitz added that he confirmed the DNS leak after using multiple types of VPN and software from multiple VPN providers.
After Horowitz claimed that iOS VPN apps are broken because of a flaw, Apple said it had already offered a fix back in 2019, according to 9to5Mac.
However, ProtonVPN backed Horowitz's claims and said that the fix is only a partial solution.
Also Read: Google Rolls Out Own VPN Service for iOS Devices
ProtonVPN added that the vulnerability has been present on iOS devices since iOS 13.3.1, and there is no 100% reliable way of ensuring that the data is being sent through the VPN.
Apple introduced an optional fix for this issue in iOS 14, but it did little to resolve the problem, according to News18.
Proton founder and CEO Andy Yen said he is disappointed that there are still broken iOS VPN apps.
Yen added that they first notified Apple privately of the problem two years ago and that the tech giant declined to fix the issue, which is why they disclosed the vulnerability to protect the public.
How iOS VPNs Are Supposed to Work
When you connect to a website or another server, your data is sent to your Internet Service Provider (ISP), or mobile data carrier. They then forward the data to the remote server.
That means your ISP can see your personal information and online activity.
So when you're using public Wi-Fi hotspots, you are also at risk from man-in-the-middle or MITM attacks. This opens an opportunity for a hacker to create a Wi-Fi hotspot that mimics a real one but routes all traffic through their system first, letting them log all of your personal data.
A MITM attack is easy because it can be as simple as plugging a power-brick-size device into a power outlet.
To protect you from MITM attacks, your VPN sends your data in encrypted form to a secure server. Your ISP, mobile carrier, or hotspot operator can no longer see your data. All they can see is that a VPN protects your data.
If the VPN that you are using is broken, your data leaks, and you will be vulnerable to MITM attacks.
Suggested Workaround
According to ArsTechnica, Proton suggested a workaround to the problem that involves activating the VPN and then turning the Airplane Mode on and off to force the network traffic to be re-established through the VPN tunnel.
However, Proton admits that their suggested workaround is not a guaranteed solution.
Meanwhile, Horowitz claimed that Airplane Mode was not reliable in itself and should not be relied on as a solution to the VPN problem, according to MacRumors.
Related Article: iOS 9 Prevents Some Users From Accessing The Web Through VPNs: Here's How To Fix It
This article is owned by Tech Times
Written by Sophie Webster