iOS 16 VPNs Leak Data Even When Lockdown Is Enabled
If you’re using a VPN, you’re probably doing it to keep as much information private as possible.
But a new report suggests that VPNs on Apple’s iOS 16 devices might not be doing that, even in Lockdown mode.
Security researchers Tommy Mysk and Talal Haj Bakry, speaking to MacRumors, say that iOS 16 handles VPN traffic the same whether it is in Lockdown mode or not. That matters because iOS has a long-running issue that lets data leak outside an active VPN connection, and that leak now happens even when Lockdown mode is turned on.
Typically, when a user activates a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. In iOS, security researchers have found that sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.
Now, security researchers have discovered that the same flaw is in place with the new Lockdown mode enabled. That mode is supposed to protect people from cyberattacks, specifically those who are likely to be targeted because they are journalists, activists, or members of government. Those people are likely to use VPNs already, but this discovery means that enabling Lockdown mode doesn’t prevent a bug that was already in place.
As a result, it’s possible that internet service providers and third parties could still access data transmitted from iPhones even when using a VPN with Lockdown mode enabled.
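One way to check your own device for the leak described above is to record its outbound packets at your router and look for traffic that does not go to the VPN server once the VPN is up. The script below is an added example, not code from the researchers or the article; the capture format, the addresses and the `find_leaks` name are assumptions made for illustration, and it goes slightly beyond the article by also flagging flows that start after activation.

```python
import csv
import io
from collections import namedtuple

# Constructed sample: outbound packets seen on the router's LAN interface.
# Columns: seconds since capture start, source, destination, dest port, protocol.
# All addresses are made-up documentation/private addresses.
CAPTURE = """\
time,src,dst,dport,proto
1.0,192.168.1.20,198.51.100.7,443,tcp
2.5,192.168.1.20,198.51.100.9,5223,tcp
10.0,192.168.1.20,203.0.113.50,51820,udp
11.2,192.168.1.20,203.0.113.50,51820,udp
12.0,192.168.1.20,198.51.100.9,5223,tcp
15.4,192.168.1.20,198.51.100.33,443,tcp
16.0,192.168.1.31,198.51.100.7,443,tcp
"""

Leak = namedtuple("Leak", "dst dport proto kind packets")


def find_leaks(capture_csv, device_ip, vpn_endpoint, vpn_up_at):
    """Return flows from device_ip that bypass the tunnel after vpn_up_at."""
    first_seen = {}  # flow -> time of its earliest packet
    after_up = {}    # flow -> packets sent outside the tunnel once the VPN was up
    for row in csv.DictReader(io.StringIO(capture_csv)):
        if row["src"] != device_ip:
            continue  # another device on the network
        flow = (row["dst"], int(row["dport"]), row["proto"])
        t = float(row["time"])
        first_seen[flow] = min(first_seen.get(flow, t), t)
        # With a working tunnel, the only destination visible at the router
        # after activation is the VPN server itself.
        if t >= vpn_up_at and row["dst"] != vpn_endpoint:
            after_up[flow] = after_up.get(flow, 0) + 1
    leaks = []
    for flow, count in sorted(after_up.items()):
        # A flow first seen before activation is a session that survived the
        # VPN coming up, which is the case the article describes.
        kind = "pre-existing" if first_seen[flow] < vpn_up_at else "new"
        leaks.append(Leak(*flow, kind, count))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(CAPTURE, "192.168.1.20", "203.0.113.50", 10.0):
        print(leak)
```
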