It is getting more and more difficult to stay safe online. For this reason, users who really care about their security and privacy choose to use tools that help them be more secure when browsing the Internet, such as a VPN. However, it is possible that, although we think that 100% of the traffic is traveling safely, in reality we are letting sensitive information slip away. And the fault lies with Android and iOS.
This same weekend, the company VPN Mullvad has published a report showing that some Android devices were leaking sensitive user information when connected to a virtual private network. According to the report, Android perform connectivity checks outside the VPN tunnel when we are connected to Wi-Fi networks. And, in addition, it does so even if we have the option to block all connections outside the VPN enabled on the device.
According to the VPN firm, these connections are made for some more or less justified reasons. For example, you have to check if we connect to a captive portal, since if we filter the entire traffic we would not be able to navigate if we need, for example, to log in to a passing website to be able to navigate. However, as justified as this fact is, it is still a problem for the privacy of many users, since metadata can be easily filtered where to find, for example, the IP of origin. And, with it, carry out other more complex attacks.
If we want to reproduce the steps ourselves, it is very simple. The first thing we will do is activate the options of «VPN always on” Y “Block connections without VPN» on our mobile. Next, we disconnect the smartphone from Wi-Fi, and we will use the “tcpdump” command to start monitoring the connections. Now, we connect the Wi-Fi again and we will see how the traffic that is captured is not only that of the VPN, but there is also DNS requests recorded, traffic HTTPS and even packages NTP. All this, outside the VPN.
The same thing happens with a VPN on iOS
This security issue does not affect only Android. As we can see on the network, in iOS 16, the latest version of Apple’s operating system, the same thing happens when we connect via Wi-Fi. In this case, what iOS does is communicate with Apple outside the VPN. Additionally, all DNS requests from Apple’s own apps, such as Health, Maps, and Wallet, are also made outside of the virtual private network. This has been tested with various VPN solutions, such as ProtonVPN, with the expected result.
Mysk 🇨🇦🇩🇪
@mysk_co
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.
We used @ProtonVPN and #Wireshark. Details in the video:#CyberSecurity #Privacy https://t.co/ReUmfa67ln
October 12, 2022 • 02:50
Neither Google nor Apple have commented on this, so at the moment we can’t really tell if this is intentional (which it probably is) or a bug that will be fixed in future updates. Google, for now, has marked the problem as “no solution”, so we deduce that, in the absence of any official confirmation, it is something done intentionally.
For now, if we want more information about this problem, the MUL22-03 report is available to everyone.
