VPNs on iOS are not P

Security researcher Michael Horowitz warns users of iOS devices that VPNs on this platform do not work. Although they seem to work normally, the iOS device also gets a new public IP address along with new DNS servers.


A detailed inspection of the data coming out of a device running iOS by Horowitz shows that there are leaks in VPN tunneling. This was first made known by ProtonVPN, according to Horowitz, as of March 2020 and iOS v13.

Horowitz first tested the ProtonVPN app on an iPad running iOS version 15.4.1. Monitoring the router logs after starting the VPN connection showed both a VPN tunnel and IP addresses obtained from a public server. He then checked the iPad's Active Sessions with PepLinks and got a first inkling of a problem.

Device connected via IPsec VPN tunnel with UDP IP However, a 2nd TCP connection was also established by the Apple Push service using port 5223 to IP address Horowitz reports that all IP addresses starting with 17 belong to Apple:

Το iOS 15.4.1 εξακολουθεί να μην τερματίζει τις υπάρχουσες συνδέσεις/περιόδους σύνδεσης όταν δημιουργεί ένα VPN tunnel. Αυτό παρουσιάζει διάφορους κινδύνους. Οι συνδέσεις εκτός του VPN επικοινωνούν με την πραγματική δημόσια διεύθυνση IP σας και δεν υπάρχει καμία εγγύηση ότι είναι κρυπτογραφημένες. Είναι επίσης ευάλωτες στην κατασκοπεία των ISP. 

Horowitz described his findings in more detail in his article VPNs on iOS are a scam. He even published some "solutions", but his conclusion was:

Don't trust any VPN on iOS, connect using VPN client software on the router, not through an iOS device.

iGuRu.gr The Best Technology Site in Greecefgns

vpn, iOS, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).