Using an iPhone VPN? You're not as secure as you think
They communicate outside the VPN tunnel!
It appears that a number of Apple's own services skip the protection of a VPN with iOS 16.
Two iOS developers, who also serve as security researchers, have discovered that iOS 16 communicates with Apple services outside of an "active VPN tunnel." According to the research, Health, Maps, and Wallet all "escape" the VPN connection when communicating with the company.
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet. We used and #Wireshark. Details in the video:
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.We used @ProtonVPN and #Wireshark. Details in the video:#CyberSecurity #Privacy pic.twitter.com/ReUmfa67lnOctober 12, 2022
Due to this behavior, the Mysk developers say that "you can easily monitor the network traffic of any device using this simple method" that they have laid out below:
You can easily monitor the network traffic of any device using this simple method. You don't need a custom router for that. You just need a Mac and #Wireshark, and enjoy ✌️ https://t.co/1IBRf4F14AOctober 12, 2022
That seems concerning
Incredibly, it appears that Lockdown Mode "leaks more traffic outside the VPN tunnel than the 'normal' mode."
Update: The Lockdown Mode leaks more traffic outside the VPN tunnel than the "normal" mode. It also sends push notification traffic outside the VPN tunnel. This is weird for an extreme protection mode. Here is a screenshot of the traffic (VPN and Kill Switch enabled)
Update: The Lockdown Mode leaks more traffic outside the VPN tunnel than the "normal" mode. It also sends push notification traffic outside the VPN tunnel. This is weird for an extreme protection mode.Here is a screenshot of the traffic (VPN and Kill Switch enabled) #iOS pic.twitter.com/25zIFT4EFaOctober 13, 2022
Lockdown Mode is the iPhone's new mode that is marketed as a way to take the security and privacy of your phone to new heights. Turning on the mode takes the following measures on your phone:
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
- Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
- Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
It's concerning to hear about these vulnerabilities. Hopefully, Apple is able to rework how some of its communications work with its services so more run through the protection of the VPN tunnel.
Joe Wituschek is a Contributor at iMore. With over ten years in the technology industry, one of them being at Apple, Joe now covers the company for the website. In addition to covering breaking news, Joe also writes editorials and reviews for a range of products. He fell in love with Apple products when he got an iPod nano for Christmas almost twenty years ago. Despite being considered a "heavy" user, he has always preferred the consumer-focused products like the MacBook Air, iPad mini, and iPhone 13 mini. He will fight to the death to keep a mini iPhone in the lineup. In his free time, Joe enjoys video games, movies, photography, running, and basically everything outdoors.