Mobile

Unpatched iPhone Bug Could Silently Disable VPN Protection

The release of the iOS 13 garnered a lot of hype. It was described as a smooth OS that takes the user experience a notch higher. But, as with most things, there was more to it.

The 13.3.1 version of the iOS and above, though even more refined, brought a few problems with it. The other problems were so insignificant and could be ironed out.

But the biggest and, by far, the most worrying of them all was the problem with VPN connectivity. This problem could be found on both iPhone and iPad VPNs. The crux of the issue was that the security vulnerability would prevent the VPN app from creating a fully encrypted tunnel. Thus, keeping some data unencrypted. This might even lead to the leaking of private data and IP addresses – unless, of course, you use the best VPN for Ipad by VPNRanks that have been tested and proven to be still working!

This VPN bypass vulnerability was considered much more sensitive than other issues and, as such, garnered a lot of attention very quickly. The vulnerability was discovered and made public by a member of the ProtonVPN community and brought to attention.

Here’s more on the issue.

iOS VPN Bug Making Your Apple Device Vulnerable

To explain the problem in its entirety, we have to first look at how a VPN works:

How Does A VPN Works?

The basic concept behind a VPN is that it creates an encrypted tunnel between your device and the server through which your data will be traveling. It also bypasses your ISP server, hiding your IP address and data stream.

How The Vulnerability Works

As mentioned, when you connect to a VPN, it re-establishes all your existing connections through the encrypted tunnel. But the vulnerability itself works by stopping the tunnel from being fully encrypted and secure.

There are two types of connections: Short-term and long-term. Short-term connections are much less vulnerable since they frequently refresh and re-establish themselves. But longer-term connections take longer to do the same, which keeps them out of the reach of the tunnel for a significant amount of time.

Potential Apple Feature?

From the data taken from the testing through Wireshark and factoring in other variables, there has been a theory that this might not be a bug but actually, a planned feature that Apple meant to include. Of course, the reasoning for the inclusion is somewhat baffling. But here’s why there might be some truth to it.

A screenshot from Wireshark illustrates the entire data stream going through an Apple device. The screenshot showed the data stream going exclusively through Apple servers (as evidenced by their use of the 17.0.0.0 IP block).

Specific sources connected this unusual behavior to the Apple Push Notification Service, or APNS for short. APNS is the basis behind features such as FaceTime and Push notifications. However, these features also use the Apple reserved IP block.

Moreover, according to data, it seems that Apple wants to ensure that these features stay excluded from VPNs and proxies.

Unfortunately, this is considered a significant security vulnerability because the VPN isn’t covering the entire data stream and leaves a small hole in its encryption.

Does Apple Know?

Apple has been informed of this potential vulnerability. Although this doesn’t seem to be a cause for concern or alarm, the company has acknowledged that they are looking into it and ensuring no harm to the user’s secured private data.

Is There A Workaround?

Yes, sure there is! Apple recommends holding out until there is a proper fix to this issue. But they’re not without faults.

So, the best solution to the problem is, as recommended by ProtonVPN, this:

First of all, you need to establish a VPN connection.

Once you have done so, all you need to do is turn on Airplane Mode on your Apple device. This will kill all short-term and long-term connections.

Then simply turn off Airplane Mode, and everything will turn to normal and all connections will re-establish themselves.

Although this fix isn’t perfect either, it is significantly more effective than the Always-On VPN solution, as that solution doesn’t allow third-party apps like those recommended by top VPN reviewers.

To Wrap Up

While iOS 13 is refined and smooth, it is not without its faults. And this is a very glaring issue, primarily as millions of Apple users rely on VPNs to browse the internet and work online.

The leaking of personal information and IP addresses is a severe issue, especially in an age where the world is more interconnected than ever. So, if you have an Apple device, use your VPN wisely.

Related Articles

Leave a Reply

Your email address will not be published.