Security News > 2020 > March > No Patch for VPN Bypass Flaw Discovered in iOS

No Patch for VPN Bypass Flaw Discovered in iOS
2020-03-26 19:55

Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple's iOS mobile operating system that prevents VPN applications from encrypting all traffic.

When a VPN is used, the device's operating system should close all existing internet connections and reestablish them through a VPN tunnel to protect the user's data and privacy.

"Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," Proton explained in a blog post.

The bigger problem is that the user's IP address and the IP of the server they are connecting to remain exposed, and the server will see the user's real IP instead of the VPN server's IP. "Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common," Proton explained.

The company pointed out that new internet connections will connect through the VPN tunnel, but connections that are running when the user connects to the VPN server will remain outside the tunnel.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Ok6GrPaYIqg/no-patch-vpn-bypass-flaw-discovered-ios