iOS devices don’t let VPNs direct all traffic to proxy tunnels
iOS devices don’t let VPNs direct all traffic to proxy tunnels, researchers say.
iCloud dedicated proxy is a service Apple introduced when it launched iCloud+.
It uses a VPN to help prevent the websites and services users visit from obtaining their sensitive information.
It is a privacy protection mechanism. Beyond this service, many users also rely on other VPN services to protect their online privacy.
But security researcher Michael Horowitz noted this week that, in his experiments, connections between iOS and Apple servers bypassed the proxy tunnel even when a VPN service was enabled. The finding echoes Proton’s warnings over the years.
Under normal conditions, once a user installs and enables a VPN service, the device gets a new IP address, uses a new DNS server, and has its WebRTC function disabled.
After that, all external communication will only be carried out through the newly established VPN tunnel.
However, Horowitz used a router to log the traffic from his iPad while the VPN was enabled on the iPad.
In the first test, on iOS 15.4.1 with ProtonVPN, only VPN traffic was seen at first, but after a few tens of minutes there was an influx of non-VPN traffic, all from Apple services.
For the second test, Horowitz upgraded to the then-latest iOS 15.5 and switched to the OVPN app, and again found direct traffic to Apple services outside the VPN tunnel.
Horowitz’s findings are consistent with what Proton revealed in 2020.
According to Proton at the time, iOS did not close existing connections after a user enabled the VPN service, so Apple features such as notification services kept communicating outside the proxy after the user had established a VPN tunnel.
Horowitz also said that only transfers made before the VPN was enabled can bypass the proxy tunnel.
In fact, Proton reported this to Apple, and Apple responded that it knew its traffic was immune to proxies and suggested using the Always On VPN setting to mitigate the problem.
However, this setting can only be enabled through a mobile device management solution.
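The router-side test described above comes down to a check over flow records: with the VPN on, any flow from the device that does not go to the VPN server left the tunnel. The sketch below is an added example, not Horowitz's or Proton's tooling; the log format, addresses and timestamps are constructed, and it separates connections that predate the tunnel from ones opened afterwards.

```python
import ipaddress

# Everything below is constructed for illustration. Assumed log format, one flow
# per line: "start_s end_s src dst dport", seconds since the capture began.
DEVICE = "192.168.1.50"       # hypothetical LAN address of the iPad under test
VPN_SERVER = "203.0.113.10"   # hypothetical VPN endpoint (documentation range)
VPN_UP_AT = 600               # hypothetical second at which the tunnel came up
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # address block assigned to Apple

SAMPLE_LOG = """\
120 2400 192.168.1.50 17.57.144.10 5223
300 500 192.168.1.50 198.51.100.9 443
610 3600 192.168.1.50 203.0.113.10 1194
900 950 192.168.1.77 198.51.100.9 443
2100 2160 192.168.1.50 17.253.1.20 443
2500 2530 192.168.1.50 198.51.100.7 443
"""

def classify(line):
    """Return a verdict for one flow, or None if it is out of scope."""
    start, end, src, dst, _dport = line.split()
    start, end = int(start), int(end)
    if src != DEVICE or end <= VPN_UP_AT:
        return None  # another host, or the flow ended before the tunnel was up
    if dst == VPN_SERVER:
        return "tunneled"
    # Anything else left the device outside the tunnel while the VPN was on.
    age = "preexisting" if start < VPN_UP_AT else "new"
    owner = "apple" if ipaddress.ip_address(dst) in APPLE_NET else "other"
    return f"leak/{age}/{owner}"

def analyze(log):
    """Count verdicts and time the first leak opened after the VPN came up."""
    counts, first_new = {}, None
    for line in log.strip().splitlines():
        verdict = classify(line)
        if verdict is None:
            continue
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict.startswith("leak/new"):
            start = int(line.split()[0])
            first_new = start if first_new is None else min(first_new, start)
    delay = None if first_new is None else first_new - VPN_UP_AT
    return counts, delay

if __name__ == "__main__":
    counts, delay = analyze(SAMPLE_LOG)
    print(counts, "first new leak after", delay, "s")
```

A non-zero `leak/new` count means connections opened after the tunnel came up still bypassed it, which is a broader failure than the surviving pre-VPN connections counted under `leak/preexisting`.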