Solved

VPN Information Leakage on iPhone?

Posted on 2014-02-03
Last Modified: 2014-02-04
Friends,

Does anyone know the technicality of how Apple has implemented VPN via iPhone (iOS 7)? I need to know if my iPhone is leaking information when in standby via 4G/LTE once Wi-Fi goes out (which is typical to save battery life even when Wi-Fi is still strong and active).

Thank you all.
Question by:neowillendit
2 Comments
 

Accepted Solution

by:
btan earned 500 total points
ID: 39832299
This is a short brief on Apple's VPN - note the various VPN On Demand settings, which will establish a connection automatically when accessing predefined domains. Out of the box, iOS supports Cisco IPSec, L2TP over IPSec, and PPTP. Split tunneling should be disabled to ensure all traffic routes through the VPN tunnel, and the proxy should also be locked down to the Enterprise-authorised proxy prior to any device surfing - this ensures internet traffic is not available unless the VPN is up first.

http://images.apple.com/ipad/business/docs/iOS_6_VPN_Apr13.pdf

A more stringent lockdown is App VPN, called the "Per App VPN" feature in iOS 7. This must be implemented by the developers themselves. Apps can then phone home through a VPN tunnel as soon as they are launched, and send all their network traffic (and only their network traffic) through it. There can be control by the Enterprise MDM admin, on top of the app developer's incorporation, using the configuration profile.

https://discussions.apple.com/thread/5318472

The link on the configuration profile and setting specifics is a good means to ascertain what the device is able to lock down and the granularity of it. These are also specific to which iPhone configuration profile is to be provisioned onto the iPhone. A keyword search on VPN and Wireless will shed more detail in that section.

https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW37

Having said that, to be network connected, be it wireless or via the phone network signalling, the device is likely to be "leaking" device info already. See the Wi-Fi payload on the above link for the parameters likely to be made available in the open to establish a connection.

Side note, for Android, if your Wi-Fi is turned on, even though it is not connected to any network, your phone will periodically broadcast a unique number (the MAC address), as well as all the Wi-Fi network names and addresses it remembers ever connecting to. With newer Android versions this can happen even if Wi-Fi is turned off, due to a feature called "scanning always available", which helps your device better determine its location.
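The checks named in the accepted answer (no split tunneling, VPN On Demand active when the phone falls back to cellular) can be run against a configuration profile before it is provisioned. The following is an added example, not part of the original answer or any Apple tool; the key names are used as I understand them from Apple's Configuration Profile Reference, and the function names and the sample profile are constructed for illustration.

```python
import plistlib

# Assumption: key names as given in Apple's Configuration Profile Reference.
VPN_PAYLOAD = "com.apple.vpn.managed"

def audit_vpn_payload(payload):
    """Return findings for one VPN payload dictionary."""
    findings = []
    # IPv4.OverridePrimary = 1 sends all traffic through the VPN (no split tunnel).
    if not payload.get("IPv4", {}).get("OverridePrimary"):
        findings.append("split tunnel: IPv4.OverridePrimary not set")
    # On-demand keys sit in a protocol-specific sub-dictionary; search all of them.
    enabled, rules = False, []
    for name in ("IPSec", "PPP", "VPN"):
        sub = payload.get(name, {})
        enabled = enabled or bool(sub.get("OnDemandEnabled"))
        rules += sub.get("OnDemandRules", [])
    if not enabled:
        findings.append("on demand: OnDemandEnabled not set")
    # First rule that can match on cellular wins (only interface/SSID checked).
    on_cell = next((r for r in rules
                    if r.get("InterfaceTypeMatch", "Cellular") == "Cellular"
                    and "SSIDMatch" not in r), None)
    if enabled and (on_cell is None or on_cell.get("Action") != "Connect"):
        findings.append("on demand: tunnel is not brought up on Cellular")
    return findings

def audit_profile(data):
    """Parse .mobileconfig bytes; return {connection name: findings}."""
    profile = plistlib.loads(data)
    return {p.get("UserDefinedName", "?"): audit_vpn_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == VPN_PAYLOAD}

def sample_profile():
    """Constructed sample: one Wi-Fi-only split-tunnel payload, one hardened."""
    weak = {"PayloadType": VPN_PAYLOAD, "UserDefinedName": "weak",
            "VPNType": "IPSec", "IPv4": {"OverridePrimary": 0},
            "IPSec": {"OnDemandEnabled": 1, "OnDemandRules": [
                {"InterfaceTypeMatch": "WiFi", "Action": "Connect"},
                {"Action": "Disconnect"}]}}
    strong = {"PayloadType": VPN_PAYLOAD, "UserDefinedName": "strong",
              "VPNType": "IPSec", "IPv4": {"OverridePrimary": 1},
              "IPSec": {"OnDemandEnabled": 1, "OnDemandRules": [{"Action": "Connect"}]}}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [weak, strong]})

if __name__ == "__main__":
    print(audit_profile(sample_profile()))
```

The "weak" payload is flagged twice: it leaves split tunneling on, and its rules connect only on Wi-Fi, so traffic sent after the hand-off to 4G/LTE would bypass the tunnel.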

Author Closing Comment

by:neowillendit
ID: 39832996
This is top-notch feedback and answers my question completely.  Thank you.