• November 28, 2022

It’s An Omnichannel Holiday: Online Stays Strong As Shoppers Return To Stores

Americans embraced in-person shopping this Black Friday weekend, returning to stores and malls in big numbers. But early results for the weekend showed that consumers’ love affair with online shopping remains …

Holiday Inflation Watch: Thanksgiving Travel & Menus Took A Hit

The holiday inflation watch continues. This time, it’s Thanksgiving and plenty of consumers are feeling ungrateful for inflation as it slashed travel plans and slimmed down portions this year. In the …

First Legal Cannabis Retail Licenses Hit New York’s Massive Market

A mere 20 years after this article’s cover photo was taken, New York State is about to welcome its first-ever legal cannabis retail dispensaries. In November, New York’s Office of Cannabis …

iOS 16 is a buggy mess, with Apple releasing a series of dedicated bug fixes that have barely scratched the surface. And now, new research has discovered that arguably the worst problem in iOS is even worse in iOS 16.

Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry of Mysk reveal that iOS 16 leaks user data when using a VPN. This problem has been ongoing since iOS 13.3.1. What makes it worse is Apple introduced a new ‘Lockdown Mode’ in iOS 16, but the researchers found it leaks even more data than the standard mode. Something which has potentially serious repercussions.

“We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet,” the researchers tweeted along with an explanatory video.

Advertisement

“The Lockdown Mode leaks more traffic outside the VPN tunnel than the ‘normal’ mode,” the researchers added. “It also sends push notification traffic outside the VPN tunnel. This is weird for an extreme protection mode.”

Contrast this with Apple’s description of Lockdown Mode in its support documents:

“Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.”

“When Lockdown Mode is enabled, your device won’t function like it typically does,” Apple continues. “ To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.”

There’s a differentiation to be made here between attacks and data retention. Still, it is reasonable to assume that anyone using Lockdown Mode would not expect more data to be leaked via VPN with it enabled than without.

I have contacted Apple about these discoveries and will update this article if/when I receive a response.

___

Follow Gordon on Facebook

More on Forbes

Advertisement

Leave a Reply

Your email address will not be published.