VPN setting on Apple iPhone 12 screen

FellowNeko/Shutterstock (Licensed)

Using a VPN on iOS still is a major security risk

'At this point, I see no reason to trust any VPN on iOS'


Jacob Seitz


Posted on Aug 17, 2022

Virtual Private Networks on Apple’s iOS devices won’t work because of a software bug, according to n prominent expert, putting the security of potentially millions of users at risk.

In a report, independent computer consultant and former CNET writer Michael Horowitz said that a previously known VPN flaw in iOS devices is still ongoing. The flaw was first pointed out by ProtonVPN in 2020. In short, iOS devices allow some user data to leak outside of the “tunnel” that the VPN creates, possibly allowing data to be tracked or captured without user knowledge.

“At this point, I see no reason to trust any VPN on iOS,” Horowitz said. “My suggestion would be to make the VPN connection using VPN client software in a router, rather than on an iOS device.”

Horowitz conducted his tests by connecting his iPad to a VPN and tracking the iPad’s connection requests via his internet router. If the VPN worked, his router would show an outbound connection request from the iPad to the VPN, and then nothing new after that. Horowitz said that the VPN appeared to work for a couple of minutes on his iPad, however, a “flood” of connection requests were sent out after less than 20 minutes on the VPN. 

“A VPN that is not doing what it is supposed to do,” Horowitz said bluntly. “Data is leaving my iPad and not traveling through the VPN tunnel.”

Horowitz said he contacted both Apple and the Cybersecurity and Infrastructure Security Agency to alert them of the issue but received no reply from either the Cupertino tech giant or the CISA.

“It takes so little time and effort to re-create this, and the problem is so consistent, that if they tried at all, they should have been able to re-create it,” he said. “None of my business. Maybe they are hoping, that like ProtonVPN, I will just move on and drop it. Dunno.”

VPNs are crucial tools for data security, especially for people in potentially hostile countries. Earlier this month, The New York Times reported that Russia was diverting all of the internet traffic in occupied parts of Ukraine back to Russian networks. A VPN would allow Ukrainian users to skirt these Russian networks and remain undetected. However, with the issue pointed out by ProtonVPN and Horowitz, iPhone users attempting to use a VPN in Ukraine—and other hostile countries—could still be at risk.

Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Aug 17, 2022, 3:35 pm CDT