iOS 16 appears to have a notable vulnerability: some of Apple’s own services do not respect a VPN tunnel. That is according to two developers who are also researchers. The Health, Maps and Money apps on the iPhone do not use a configured VPN.
A VPN is a virtual private network. When you install a VPN, your Internet usage is encrypted and therefore anonymized. Even your Internet provider can then no longer see what you are doing. However, some (free) services may collect data or work slightly differently.
iOS 16: VPN issues for the iPhone.
We now read on Twitter that, on iOS 16, some of Apple’s apps still communicate with Apple’s servers outside the VPN when you use such a service. Worse, they also leak DNS requests. The researchers used Proton VPN and Wireshark for this.
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.
We used @ProtonVPN and #Wireshark. Details in the video: #CyberSecurity #Privacy
– Mysk (@mysk_co) October 12, 2022
In another tweet, the researchers explain that this makes it easy to monitor network traffic on a device. The new Lockdown Mode makes things even worse: that mode leaks even more information than normal mode does.
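One way to check a capture for the behaviour described above, as an added example that is not the researchers' own code: with a VPN active, every packet the phone sends on the local network should be addressed to the VPN server, so anything else is a leak. The addresses, port numbers, hostname and packet fields below are constructed for illustration.

```python
import struct

DEVICE_IP = "192.168.1.23"     # assumed address of the phone on the LAN
VPN_ENDPOINT = "203.0.113.10"  # assumed address of the VPN server

def dns_qname(payload):
    """Return the first question name of a raw DNS message, or None if malformed."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] == 0:
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            return None  # compression pointer or truncated label
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def find_leaks(packets):
    """Flag packets from the device that left the LAN interface without
    being wrapped in the tunnel, i.e. not addressed to the VPN endpoint."""
    leaks = []
    for p in packets:
        if p["src"] != DEVICE_IP or p["dst"] == VPN_ENDPOINT:
            continue
        if p["proto"] == "udp" and p["dport"] == 53:
            leaks.append(("dns", p["dst"], dns_qname(p["payload"]) or "<malformed>"))
        else:
            leaks.append(("direct", p["dst"], f'{p["proto"]}/{p["dport"]}'))
    return leaks

def make_query(name):
    """Build a minimal DNS A query (constructed test input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

SAMPLE = [  # constructed packets as seen on the local network, not real capture data
    {"src": DEVICE_IP, "dst": VPN_ENDPOINT, "proto": "udp", "dport": 51820, "payload": b"\x04opaque"},
    {"src": DEVICE_IP, "dst": "192.168.1.1", "proto": "udp", "dport": 53, "payload": make_query("service.example")},
    {"src": DEVICE_IP, "dst": "198.51.100.7", "proto": "tcp", "dport": 443, "payload": b""},
    {"src": "192.168.1.40", "dst": "198.51.100.9", "proto": "tcp", "dport": 80, "payload": b""},
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE):
        print(leak)
```

A cleartext DNS query outside the tunnel exposes the hostname being looked up, which is why it is reported separately from other direct connections.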
What is a VPN?
The acronym VPN stands for Virtual Private Network and ensures that you are unidentifiable online. A VPN does this by connecting to servers in other countries. In this way, you can visit a website from the Netherlands, but the site will think you are from the United States.
What is Lockdown Mode again?
But what is this Lockdown Mode again? That mode is marketed as an extremely secure mode for your iPhone. Apple wants to use it to give you back control of your own data and phone. When you activate the mode, a number of things happen. For example, the messaging app suddenly works differently.
All attachments except images are then blocked. Also, link previews no longer work. In addition, more complex Web technologies will no longer work in the browser, and apps like FaceTime will be restricted. You can then only receive phone calls from people you were previously in contact with, for example.