iOS 16 VPN Tunnels Leak Data, Even When Lockdown Mode Is Enabled

by

iOS 16 continues to leak data outside an active VPN tunnel, even when Lockdown mode is enabled, security researchers have discovered.

Lockdown Mode Feature
Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16's approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel.

In August, it again emerged that third-party VPNs for iOS and iPadOS routinely fail to route all network traffic through a secure tunnel after they have been turned on – an issue that Apple has purportedly known about for years.

Typically, when a user activates a VPN, the operating system closes all existing internet connections and then re-establishes them through the VPN tunnel. In iOS, security researchers have found that sessions and connections established before the VPN is turned on are not terminated as one would expect, and can still send data outside the VPN tunnel while it is active, leaving it potentially unencrypted and exposed to ISPs and other parties.

According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16.

Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user's knowledge:

Mysk and Bakry also investigated whether iOS 16's Lockdown mode takes the necessary steps to fix this issue and funnel all traffic through a VPN when one is enabled, and it appears that the exact same issue persists whether Lockdown mode is enabled or not, particularly with push notifications. This means that the minority of users who are vulnerable to a cyberattack and need to enable Lockdown mode are equally at risk of data leaks outside their active VPN tunnel.

iOS 16 introduced Lockdown mode as an optional security feature designed to protect the "very small number" of users who may be at risk of "highly targeted cyberattacks" from private companies developing state-sponsored spyware, such as journalists, activists, and government employees. Lockdown mode does not enable a VPN itself, and relies on the same third-party VPN apps as the rest of the system.

Due to the fact that iOS 16 leaks data outside the VPN tunnel even where Lockdown mode is enabled, internet service providers, governments, and other organizations may be able to identify users who have a large amount of traffic, potentially highlighting influential individuals. It is possible that Apple does not want a potentially malicious VPN app to collect some kinds of traffic, but seeing as ISPs and governments are then able to do this, even if that is what the user is specifically trying to avoid, it seems likely that this is part of the same VPN problem that affects iOS 16 as a whole.

It is worth noting that Apple only lists high-level features that activate when Lockdown mode is enabled, and Apple has not explicitly mentioned any changes that take place to affect VPN traffic. Nevertheless, as Lockdown mode claims to be an extreme protection measure, it seems like a considerable oversight that VPN traffic is a vulnerable point.

Tag: VPN
Related Forum: iOS 16

Popular Stories

iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Launching Later This Year With These 10 New Features

Wednesday January 15, 2025 7:16 am PST by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the "ultra-thin" device. Overall, the "iPhone 17 Air" is shaping up to be a mixed bag. Due to its thinness, the device is expected to have some limited specifications compared to the iPhone 17 Pro models, including only a single rear camera, only a single speaker, no SIM...
Read Full Article129 comments
2024 iPhone Boxes Feature

Apple Changes Trade-In Values for iPhones, iPads, Macs, and More

Thursday January 16, 2025 6:45 am PST by
Apple today adjusted estimated trade-in values for select iPhone, iPad, Mac, and Apple Watch models in the U.S., according to its website. Some values increased, while others decreased. The changes were not too significant, with most values rising or dropping by $5 to $50. We have outlined some examples below: Device New Value Old Value iPhone 15 Pro Max Up to $630 U ...
Read Full Article62 comments
Generic iOS 18

Everything New in iOS 18.3 Beta 3

Thursday January 16, 2025 12:39 pm PST by
Apple provided the third beta of iOS 18.3 to developers today, and while the betas have so far been light on new features, the third beta makes some major changes to Notification Summaries and also tweaks a few other features. Notification Summary Changes Apple made multiple changes to Notification Summaries in response to complaints about inaccurate summaries of news headlines. For...
Read Full Article27 comments
new magsafe charger

Apple Releases Updated MagSafe Charger Firmware

Tuesday January 14, 2025 11:30 am PST by
Apple today released new firmware designed for the 25W MagSafe Charger that is compatible with the iPhone 12 and later and the latest AirPods and Apple Watch models. The updated firmware is version 2A143, up from the 2A138 firmware that the accessory shipped with. In the Settings app, you'll see a different version number than the internal firmware number. The 2024 MagSafe charger was...
Read Full Article67 comments
iPhone 17 Pro Dual Tone Feature 1

iPhone 17 Pro Launching Later This Year With These 8 New Features

Thursday January 9, 2025 5:45 am PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro concept based on rumors Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025: More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
Read Full Article105 comments
Generic iOS 18

iOS 18.3 Coming Soon: Here's What's New

Monday January 13, 2025 5:33 am PST by
iOS 18.3 is currently in beta for developers and public beta testers. So far, the upcoming iPhone software update is very minor in scope. Below, we outline what is new in iOS 18.3 so far. The only potential new feature coming to iPhones with iOS 18.3 so far is robot vacuum support in the Home app, but this functionality is not yet live. Apple is laying the groundwork for the feature,...
Read Full Article
Apple Card iPhone 16 Pro Feature

Three Companies Are Now in the Running to Take Over the Apple Card

Thursday January 16, 2025 8:18 am PST by
Apple is in talks with Barclays and Synchrony about becoming its new financial partner for the Apple Card, according to Reuters sources. The report today added that Apple has also been holding discussions with Chase Bank owner JPMorgan since last year, so there are at least three potential companies in the running to take over the Apple Card from current partner Goldman Sachs. Goldman...
Read Full Article50 comments
MacBook Air 15 Inch Feature Blue

MacBook Air Likely Apple's First Product Update of 2025: What to Expect

Wednesday January 15, 2025 8:49 am PST by
There is a good chance that Apple's first product announcement of 2025 will be updated 13-inch and 15-inch MacBook Air models with the M4 chip. Last month, Apple released macOS Sequoia 15.2, and in doing so it accidentally confirmed new MacBook Air models are coming this year (unsurprisingly). Bloomberg's Mark Gurman said the new MacBook Air models will be announced "earlier" than some...
Read Full Article74 comments
apple power beats pro 2

Powerbeats Pro 2 Filed in Regulatory Databases Ahead of 2025 Launch

Wednesday January 15, 2025 6:02 am PST by
In September, Apple said that it would be launching Powerbeats Pro 2 in 2025, and now further evidence of the wireless earbuds has surfaced. Powerbeats Pro 2 images found in iOS 18 code Apple submitted Powerbeats Pro 2 regulatory documents to the U.S. Federal Communications Commission (FCC) in mid-December. The documents were made available to the public this week, and they were spotted by 91M...
Read Full Article41 comments

Top Rated Comments

bevel Avatar
bevel
30 months ago
Come on Apple! How long is this going to take to fix? For a company that prides itself on privacy this is not good enough
Score: 49 Votes (Like | Disagree)
DEMinSoCAL Avatar
DEMinSoCAL
30 months ago
Looks like the phone that prides itself on privacy isn't so private after all.
Score: 39 Votes (Like | Disagree)
icanhazmac Avatar
icanhazmac
30 months ago

an issue that Apple has purportedly known about for years
This is the most troubling part! Apple has the resources to fix anything they want to fix, why haven't they fixed this?
Score: 34 Votes (Like | Disagree)
SW3029 Avatar
SW3029
30 months ago
**** Apple. There's a damn difference between real privacy and security and real good privacy and security marketing.
Score: 34 Votes (Like | Disagree)
cjbriare Avatar
cjbriare
30 months ago

vpn is no privacy tool, it is for connecting 2 networks secure. Don't try to change a feature to do a thing it is not meant to do...
what does the P stand for again?
Score: 28 Votes (Like | Disagree)
nt5672 Avatar
nt5672
30 months ago

Come on Apple! How long is this going to take to fix? For a company that prides itself on privacy this is not good enough
Their pride is for marketing purposes, not real life.
Score: 22 Votes (Like | Disagree)
Read All Comments