Security News > 2024 > May > Android bug leaks DNS queries even when VPN kill switch is enabled

Android bug leaks DNS queries even when VPN kill switch is enabled
2024-05-03 21:02

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.

As Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version.

They discovered that Android leaks DNS traffic when a VPN is active or when a VPN app re-configures the tunnel, crashes, or is forced to stop.

Mullvad said that the first DNS leak scenario, where the user switches to another server or changes the DNS server, can be mitigated easily by setting a bogus DNS server while the VPN app is active.

It has yet to find a fix for the VPN tunnel reconnect DNS query leak, which is valid for all other Android VPN apps seeing that they're also likely impacted by this issue.

In October 2022, Mullvad also found that Android devices were leaking DNS queries every time they connected to a WiFi network because of connectivity checks even if "Always-on VPN" was toggled on with "Block connections without VPN" enabled.


News URL

https://www.bleepingcomputer.com/news/security/android-bug-leaks-dns-queries-even-when-vpn-kill-switch-is-enabled/