2 years ago
50
It appears that a fig of Apple's ain services skip the extortion of a VPN with iOS 16.
Two iOS developers, who besides service arsenic information researchers, person discovered that iOS 16 communicates with Apple services extracurricular of an "active VPN tunnel." According to the research, Health, Maps, and Wallet each "escape" the VPN transportation erstwhile communicating with the company.
We corroborate that iOS 16 does pass with Apple services extracurricular an progressive VPN tunnel. Worse, it leaks DNS requests. #Apple services that flight the VPN transportation see Health, Maps, Wallet. We utilized and #Wireshark. Details successful the video:
We corroborate that iOS 16 does pass with Apple services extracurricular an progressive VPN tunnel. Worse, it leaks DNS requests. #Apple services that flight the VPN transportation see Health, Maps, Wallet.We utilized @ProtonVPN and #Wireshark. Details successful the video:#CyberSecurity #Privacy pic.twitter.com/ReUmfa67lnOctober 12, 2022
See more
Due to this behavior, the Mysk developers accidental that "you tin easy show the web postulation of immoderate instrumentality utilizing this elemental method" that they person laid retired below:
You tin easy show the web postulation of immoderate instrumentality utilizing this elemental method. You don't request a customized router for that. You conscionable request a Mac and #Wireshark, and bask ✌️ https://t.co/1IBRf4F14AOctober 12, 2022
See more
That seems concerning
Incredibly, it appears that Lockdown Mode "leaks much postulation extracurricular the VPN passageway than the 'normal' mode."
Update: The Lockdown Mode leaks much postulation extracurricular the VPN passageway than the "normal" mode. It besides sends propulsion notification postulation extracurricular the VPN tunnel. This is weird for an utmost extortion mode. Here is simply a screenshot of the postulation (VPN and Kill Switch enabled)
Update: The Lockdown Mode leaks much postulation extracurricular the VPN passageway than the "normal" mode. It besides sends propulsion notification postulation extracurricular the VPN tunnel. This is weird for an utmost extortion mode.Here is simply a screenshot of the postulation (VPN and Kill Switch enabled) #iOS pic.twitter.com/25zIFT4EFaOctober 13, 2022
See more
Lockdown Mode is the iPhone's caller mode that is marketed arsenic a mode to instrumentality the information and privateness of your telephone to caller heights. Turning connected the mode takes the pursuing measures connected your phone:
- Messages: Most connection attachment types different than images are blocked. Some features, similar nexus previews, are disabled.
- Web browsing: Certain analyzable web technologies, similar just-in-time (JIT) JavaScript compilation, are disabled unless the idiosyncratic excludes a trusted tract from Lockdown Mode.
- Apple services: Incoming invitations and work requests, including FaceTime calls, are blocked if the idiosyncratic has not antecedently sent the initiator a telephone oregon request.
- Wired connections with a machine oregon accessory are blocked erstwhile iPhone is locked.
- Configuration profiles cannot beryllium installed, and the instrumentality cannot enroll into mobile instrumentality absorption (MDM), portion Lockdown Mode is turned on.
It's concerning to perceive astir these vulnerabilities. Hopefully, Apple is capable to rework however immoderate of its communications enactment with its services truthful much tally done the extortion of the VPN tunnel.
/cdn.vox-cdn.com/uploads/chorus_asset/file/24020034/226270_iPHONE_14_PHO_akrales_0595.jpg)
English (US)