Proton warns of iOS 13.4 bug that could expose IP address VPN usersadres

Spread the love

ProtonVPN has found a vulnerability in iOS 13.3.1 and 13.4 that makes VPN connections less secure under certain circumstances. Among other things, IP addresses of users can be made transparent.

ProtonVPN describes that a community member discovered that iOS in version 13.3.1 does not close existing connections when using VPN, a bug that also appears to be in 13.4 and for which there is no patch yet. According to ProtonVPN, this will not cause any problems for most connections, because they are short-lived and eventually set up via the VPN tunnel. But some connections can remain open for hours outside the VPN tunnel, is the warning.

The Swiss company cites the push system for notifications from iOS as an example. “But the problem could affect any app or service, such as instant messaging applications or web beacons.” Most connections nowadays are encrypted anyway, but in those circumstances servers can see the IP address of the user instead of that of the VPN service. This can cause problems for users, in particular for users in countries with repressive regimes, according to Proton.

In addition, VPN providers cannot directly work around the problem because iOS does not allow third parties to close connections. However, the company has discovered a workaround that requires users to connect to the VPN and then toggle airplane mode on and off. The service cannot guarantee that this will completely solve the problem.

You might also like
Exit mobile version