iOS 13.3.1 Bug Stops VPNs from Encrypting All Traffic

BY Mahit Huilgol

Published 26 Mar 2020

VPNs, or Virtual Private Networks, add an extra layer of security while using the internet. Now a newly discovered bug in iOS 13.3.1 and later has been found to prevent virtual private networks from encrypting all traffic.

Because the VPN is not able to encrypt all traffic, some of it is exposed. This will eventually expose users’ data and IP addresses. The vulnerability was discovered by a security consultant who disclosed it to ProtonVPN.

The issue occurs when iOS fails to terminate all existing Internet connections before allowing the VPN to connect. ProtonVPN says, “Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own.” It further adds, “However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel.”

Connections that remain outside the VPN tunnel are vulnerable. In cases like this, user data can potentially be exposed to third-party apps and, in some cases, users’ locations can be tracked once the IP address is leaked.

Ideally, once connected to a VPN, only traffic between the device’s local IP address and the VPN server should be shown. As you can see in the screenshot above, this is clearly not the case. Apple server IPs show up in the list because of previously opened connections that were not terminated before the VPN connected.
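The check described above can be run over a packet summary captured on the physical interface after the VPN connects. The following is an added example, not code from the article or from ProtonVPN; the addresses, the CSV layout (src,dst,proto,port) and the function names are assumptions made for illustration.

```python
import csv
import ipaddress
from collections import Counter

# Constructed sample: packets seen on the Wi-Fi interface AFTER the VPN
# reported "connected". All addresses are made up (documentation ranges).
DEVICE_IP = "192.168.1.23"      # assumed local address of the iOS device
VPN_SERVER_IP = "203.0.113.10"  # assumed VPN server endpoint
LOCAL_NET = "192.168.1.0/24"    # assumed LAN the device sits on
SAMPLE_PACKETS = """\
192.168.1.23,203.0.113.10,udp,500
203.0.113.10,192.168.1.23,udp,500
192.168.1.23,203.0.113.10,udp,4500
198.51.100.7,192.168.1.23,tcp,5223
192.168.1.23,198.51.100.7,tcp,5223
198.51.100.7,192.168.1.23,tcp,5223
192.168.1.23,224.0.0.251,udp,5353

192.168.1.50,192.168.1.1,udp,53
"""

def classify(peer, vpn_ip, local_net):
    """Label the remote end of a packet: 'tunnel', 'local' or 'outside'."""
    addr = ipaddress.ip_address(peer)
    if addr == ipaddress.ip_address(vpn_ip):
        return "tunnel"
    # LAN and multicast chatter never leaves the local network segment.
    if addr in ipaddress.ip_network(local_net) or addr.is_multicast:
        return "local"
    return "outside"

def find_outside_tunnel(packets_text, device_ip, vpn_ip, local_net):
    """Count packets per (peer, proto, port) that bypass the VPN server."""
    outside = Counter()
    for row in csv.reader(packets_text.splitlines()):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        src, dst, proto, port = (field.strip() for field in row)
        if device_ip not in (src, dst):
            continue  # traffic of another host on the LAN
        peer = dst if src == device_ip else src
        if classify(peer, vpn_ip, local_net) == "outside":
            outside[(peer, proto, int(port))] += 1
    return dict(outside)

if __name__ == "__main__":
    hits = find_outside_tunnel(SAMPLE_PACKETS, DEVICE_IP, VPN_SERVER_IP, LOCAL_NET)
    for (peer, proto, port), count in hits.items():
        print(f"outside tunnel: {peer} {proto}/{port} ({count} packets)")
```

Any entry it reports is a connection that survived the VPN handshake and is still talking directly to a remote host, which is the symptom the screenshot illustrates.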

The blog goes on to mention that Apple’s push notification service is a good thing, as it shows a certain process that is connected to Apple servers. However, things can take an ugly turn, as this bug will affect other services or apps used on the iOS device. Apple has already acknowledged the vulnerability and has given assurance that it is working on resolving it.

[via Bleeping Computer]