A security researcher says that Apple’s iOS devices don’t fully route all network traffic through VPNs as a user might expect, a potential security issue the device maker has known about for years.
Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz’s findings with advanced router logging, can still send data outside the VPN tunnel while it’s active.
In other words, you might expect a VPN client to kill existing connections before establishing a secure connection so they can be re-established inside the tunnel. But iOS VPNs can’t seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020.
Link: iOS VPNs have leaked traffic for more than 2 years, researcher claims
via arstechnica.com