Windows 10 News and info | Forum
March 31, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: VPN bypass vulnerability in Apple iOS  (Read 6 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31260


I Do Windows


WWW Email
« on: March 26, 2020, 09:33:49 PM »
ReplyReply

This article reports a security vulnerability discovered in Apple’s iOS version 13.4 that prevents VPNs from encrypting all traffic.

From time to time we may encounter vulnerabilities in third-party software, which in the future will be disclosed after 90 days in accordance with our responsible disclosure program. We are disclosing this “VPN bypass” vulnerability publicly because it’s important that our community and other VPN providers and their users are aware of this issue.

Below we explain the nature of the security flaw, how we investigated it, and what users can do to mitigate their risk until Apple fixes the vulnerability.

How the iOS VPN bypass

Typically, when you connect to a virtual private network (VPN), the operating system of your device closes all existing Internet connections and then re-establishes them through the VPN tunnel.

A member of the Proton community discovered that in iOS version 13.3.1, the operating system does not close existing connections. (The issue also persists in the latest version, 13.4.) Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel.

One prominent example is Apple’s push notification service, which maintains a long-running connection between the device and Apple’s servers. But the problem could impact any app or service, such as instant messaging applications or web beacons.

The VPN bypass vulnerability could result in users’ data being exposed if the affected connections are not encrypted themselves (though this would be unusual nowadays). The more common problem is IP leaks. An attacker could see the users’ IP address and the IP address of the servers they’re connecting to. Additionally, the server you connect to would be able to see your true IP address rather than that of the VPN server.

Those at the highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common.

Neither ProtonVPN nor any other VPN service can provide a workaround for this issue because iOS does not permit a VPN app to kill existing network connections.

Investigating the vulnerability

To investigate this issue, we used Wireshark to capture an iOS device’s network traffic.

When you connect a device to VPN, you should only be able to see traffic between the device’s IP and the VPN server or local IP addresses (other devices on your local network). As the capture below shows, there is also direct traffic between the iOS device’s IP and an external IP address that is not the VPN server (in this case it’s an Apple server).


Exposed connections to Apple servers (ProtonVPN) - click to enlarge

10.0.2.109 = iOS device’s IP address
185.159.157.8 = ProtonVPN server
17.57.146.68 = Apple-owned IP address

We’ve calculated this vulnerability’s CVSS score as medium.

How to mitigate the iOS VPN bypass vulnerability

Internet connections established after you connect to VPN are not affected. But connections that are already running when you connect to VPN may continue outside the VPN tunnel indefinitely. There is no way to guarantee that those connections will be closed at the moment you start a VPN connection.

However, we’ve discovered the following technique to be almost as effective:

1. Connect to any ProtonVPN server.

2. Turn on airplane mode. This will kill all Internet connections and temporarily disconnect ProtonVPN.

3. Turn off airplane mode. ProtonVPN will reconnect, and your other connections should also reconnect inside the VPN tunnel, though we cannot guarantee this 100%.

Alternatively, Apple recommends using the Always-on VPN to mitigate this issue. This method requires using device management, so, unfortunately, it doesn’t mitigate the issue for third-party applications such as ProtonVPN.

This vulnerability was first reported to us by Luis, a security consultant and member of the Proton community. We have been in contact with Apple, which has acknowledged the VPN bypass vulnerability and is looking into options to mitigate it. Until an update is available from Apple, we recommend the above workarounds.

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page March 27, 2020, 06:51:09 PM