
A bug that leaves VPN connections unencrypted is found on the iPhone, and a simple workaround is released at the same time



A problem has been found in iOS, the iPhone's operating system, in which communication over a VPN is incompletely encrypted, creating a risk of leaking IP addresses and other data. Apple had not fixed the issue at the time of writing, but a workaround that can be expected to have a certain effect with a very simple operation has been found.

Apple iOS vulnerability causes connections to bypass VPN
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/

A Bug Existing Since iOS 13.3.1 Interferes With VPNs Encrypting Traffic - The Mac Observer
https://www.macobserver.com/news/product-news/ios-bug-vpns-traffic-encryption/

Swiss VPN provider ProtonVPN reported on March 25, 2020, "A bug in iOS 13.4 was detected that prevented all VPN traffic from being encrypted." According to the report, the bug has existed since at least iOS 13.3.1 and makes it possible to bypass VPN encryption, which may cause problems such as disclosure of user data or leakage of IP addresses.

Normally, once a VPN connection has been established successfully, the OS disconnects the existing connections and accesses the Internet through the VPN. Because of this problem, however, the existing connections are kept alive for several minutes to several hours, and traffic on them may not be correctly encrypted.

ProtonVPN states, "If your Internet connection is unencrypted, your data may be exposed, but this is rare nowadays. A more common threat is IP address disclosure. This would allow someone to steal your IP address or the server you connect to could see your IP address instead of the VPN server."

The image shows the result of ProtonVPN analyzing the traffic of an iOS device with Wireshark, a network analysis tool, to verify this problem. The device's IP address, 10.0.2.109 (circled in red), and 17.57.146.68, an IP address owned by Apple, can easily be seen in the captured traffic.
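The check that this capture illustrates can be automated. The following is an added example, not code from ProtonVPN or from the original article: it flags connections that were already open before the tunnel came up and are still sending packets outside it afterwards. Apart from the two addresses quoted from the capture, the packet list, ports, VPN server address, LAN range and tunnel-up time are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

DEVICE, APPLE = "10.0.2.109", "17.57.146.68"      # addresses quoted from the capture
VPN_SERVER, TUNNEL_UP_AT = "203.0.113.10", 30.0   # assumed placeholders

# Constructed sample: (seconds, src, sport, dst, dport) seen on the physical interface.
PACKETS = [
    (5.0, DEVICE, 50001, APPLE, 5223),            # opened before the VPN connects
    (12.0, DEVICE, 50002, "198.51.100.7", 443),   # ends before the tunnel is up
    (31.0, DEVICE, 50003, VPN_SERVER, 1194),      # tunnel traffic
    (45.0, DEVICE, 50001, APPLE, 5223),           # same connection, outside the tunnel
    (46.0, APPLE, 5223, DEVICE, 50001),
    (60.0, DEVICE, 50003, VPN_SERVER, 1194),
    (400.0, DEVICE, 50001, APPLE, 5223),          # still alive minutes later
    (410.0, DEVICE, 68, "10.0.2.1", 67),          # local LAN chatter
]

def find_vpn_bypass(packets, device, vpn_server, tunnel_up_at, lan="10.0.2.0/24"):
    """Return {(local_port, peer, peer_port): info} for flows outside the tunnel
    that are still active after the VPN was established."""
    lan_net = ip_network(lan)
    seen_before, leaks = set(), {}
    for ts, src, sport, dst, dport in sorted(packets):
        if device not in (src, dst):
            continue
        # Fold both directions of a connection into one key.
        if src == device:
            flow, peer = (sport, dst, dport), dst
        else:
            flow, peer = (dport, src, sport), src
        if peer == vpn_server or ip_address(peer) in lan_net:
            continue  # tunnel packets and local traffic are expected
        if ts < tunnel_up_at:
            seen_before.add(flow)
            continue
        info = leaks.setdefault(flow, {"packets": 0, "pre_existing": flow in seen_before})
        info["packets"] += 1
        info["survived_s"] = ts - tunnel_up_at    # time of the last packet seen so far
    return leaks

if __name__ == "__main__":
    for flow, info in find_vpn_bypass(PACKETS, DEVICE, VPN_SERVER, TUNNEL_UP_AT).items():
        print(flow, info)
```

A flow reported with `pre_existing` set is the behaviour described above: a connection that the OS did not tear down when the VPN came up.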

More seriously, VPN providers, including ProtonVPN, cannot address this issue themselves, because iOS does not allow VPN apps to forcibly terminate existing network connections. The only solution is therefore for Apple to fix iOS. ProtonVPN has already reported the problem to Apple, but at the time of writing Apple had not distributed a patch or correction.

ProtonVPN commented, "The users who are most affected by this bug are those in countries where governments are monitoring and civil rights are being violated."

On the other hand, ProtonVPN has also found that in some cases the unencrypted connections can be dropped with a simple operation. The method is as follows.

1: Connect to the VPN server.
2: Turn on airplane mode.
3: Turn off airplane mode.

This operation may drop the existing connections and reconnect them through the VPN, but it is not guaranteed to work. For the time being, ProtonVPN therefore recommends using the more secure Always-on VPN.
