Apple iOS 13.4 vulnerability prevents VPNs from encrypting all traffic
Apple recently rolled out iOS 13.4 for its iPhones. The software update brings host of security updates and new features to iPhones.Updated: Mar 27, 2020 15:20 IST
Apple recently rolled out iOS 13.4 to its iPhone users across the globe. The update that comes nearly two months after the last update brought a bunch of new features and security fixes to iPhone’s platform. The list includes new memoji stickers, ability ti iCloud Drive folder directly from the Files app, and fixes pertaining to the Camera, Mail and Home apps among others. Now, a new report highlights a major security vulnerability that iOS 13.4 didn’t fix.
According to a report by VPN provider Proton, iOS 13.4 contains a vulnerability that prevents VPNs from encrypting data on your iPhones.
To give you a basic idea about VPNs, these network essentially close all your existing internet connections following which they re-route your entire data through their encrypted channel. Now, the vulnerability in iOS 13.4 prevents your data from being secured, or in other words encrypted, when using VPN on your iPhones.
The VPN provider says that while most connections are short-lived, some are long-lasting and “can remain open for minutes to hours outside the VPN tunnel.”
“The VPN bypass vulnerability could result in users’ data being exposed if the affected connections are not encrypted themselves... The more common problem is IP leaks. An attacker could see the users’ IP address and the IP address of the servers they’re connecting to,” Proton wrote in a blog post.
What’s worrisome is that neither ProtonVPN nor any other VPN service can provide a workaround for this issue. This is because Apple’s iOS does “not permit a VPN app to kill existing network connections.” Simply said, there is no way around this issue unless Apple rolls out a fix.
Now some good news. As per the VPN provider, only the internet connections that are already running when you connect to a VPN will be outside its scope of encryption. This means that the connections that are established after you connect to VPN are not affected. Simply said, if you open new a connection after connecting to a VPN, your data would remain safe.
The only way around this issue, as Proton highlights in its blog, is turning the Airplane Mode on your iPhone on and then off after connecting to a VPN service. This will kill all your internet connections and help you reconnect inside the VPN tunnels. Alternatively, the VPN service says that users can use Apple recommended Always-on VPN to mitigate this issue.