When using a VPN we look for privacy, that our data is protected and no information is leaked. For example, when connecting to a public Wi-Fi network, such as in a shopping center or airport, all this could be in danger if we do not use this type of program. However, sometimes they don’t work as expected. In this article we echo a report that shows how iOS 16 communicates with Apple services outside a VPN tunnel active. That can lead to a security and privacy problem.
iOS sends data out of the VPN tunnel
If you have an iPhone and you have iOS version 16, when using a VPN the communication data from Apple services is sent outside the tunnel. But also, filter DNS requests. Here we can name a service such as Maps, Health or Wallet. This logically means that user data can be leaked and affect security.
This discovery has been made since Mysk. In their Twitter account they have explained what it consists of. For the tests they have used several VPNs, such as ProtonVPN and Wireshark. They show a video where you can see that it leaks connection data when opening the Maps application, for example. It is seen how iOS filters the connection.
Mysk 🇨🇦🇩🇪
@mysk_co
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.
We used @ProtonVPN and #Wireshark. Details in the video:#CyberSecurity #Privacy https://t.co/ReUmfa67ln
October 12, 2022 • 02:50
In order to carry out this test, monitored network activity. This way they can see if data is leaked or everything goes through the VPN tunnel. This happens when opening certain applications that come with iOS and that are very common. Those that we have named as Maps, Health or Wallet, but also others such as the Apple Store. The same thing happens with all of them and it sends data out of the VPN tunnel.
A VPN is not infallible in security
It is clear that having a VPN can help us in many situations to avoid privacy issues. This will allow the connection to be encrypted and what we send goes through a tunnel previously. However, this does not mean that we are 100% protected. Not only do we mean that there may be problems like the one we have seen in this iOS article, but these applications do not work miracles in security.
What can happen? A VPN for example does not detect viruses. If we enter a false page and download a fraudulent file, even though the connection is encrypted, we will still be downloading malware that can infect the system, steal passwords or cause the device to go wrong.
Nor will it protect us from phishing attacks, which are a very present threat today. If we receive a malicious email, which contains a false link, we will not be protected even if we are using a good VPN. We can also end up on a false page and be leaking data.
For all these reasons, beyond using a good VPN, it is essential to take other measures such as using an antivirus, keeping everything up to date or, most importantly, not making mistakes. It is equally essential to know if the VPN works well.