Solved

VPN Information Leakage on iPhone?

Posted on 2014-02-03
Last Modified: 2014-02-04
Friends,

Does anyone know the technical details of how Apple has implemented VPN on the iPhone (iOS 7)? I need to know if my iPhone is leaking information when in standby via 4G/LTE once Wi-Fi goes out (which is typical to save battery life even when Wi-Fi is still strong and active).

Thank you all.
Question by:neowillendit
2 Comments
 

Accepted Solution

by:
btan earned 500 total points
ID: 39832299
This is a short brief on Apple's VPN. Note the various VPN On Demand settings, which will establish a connection automatically when accessing predefined domains. Out of the box, iOS supports Cisco IPSec, L2TP over IPSec, and PPTP. Split tunneling should be disabled to ensure all traffic routes through the VPN tunnel, and the proxy should also be locked down to the Enterprise-authorised proxy prior to any device surfing; this ensures internet traffic is not available unless the VPN is up first.

http://images.apple.com/ipad/business/docs/iOS_6_VPN_Apr13.pdf

A more stringent lockdown is App VPN, called the "Per App VPN" feature in iOS 7. This must be implemented by the developers themselves. Apps can then phone home through a VPN tunnel as soon as they are launched, and send all their network traffic (and only their network traffic) through it. There can be control by the Enterprise MDM admin, on top of the app developer's incorporation, using the configuration profile.

https://discussions.apple.com/thread/5318472

The link on the configuration profile and its specific settings is a good means to ascertain what the device is able to lock down and the granularity of it. These are also specific to the iPhone configuration profile to be provisioned onto the iPhone. A keyword search on VPN and Wireless will shed more details in the section.

https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW37

Having said that, to be network connected, be it wireless or via the phone network signalling, the device is likely to be "leaking" device info already. See the Wi-Fi payload in the above link for the parameters likely to be made available in the open to establish a connection.

Side note, for Android, if your Wi-Fi is turned on, even though it is not connected to any network, your phone will periodically broadcast a unique number (the MAC address), as well as all the Wi-Fi network names and addresses it remembers ever connecting to. With newer Android versions this can happen even if Wi-Fi is turned off, due to a feature called "scanning always available", which helps your device better determine its location.
0
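The settings named in the answer above (split tunneling, VPN On Demand, proxy lockdown) can be checked directly in an exported configuration profile. The following is an added example, not part of the original answer or Apple's own tooling: a small audit that reads a `.mobileconfig` plist and flags VPN payloads that would leave traffic outside the tunnel, including when the phone falls back to cellular. The key names (`com.apple.vpn.managed`, `IPv4.OverridePrimary`, `OnDemandEnabled`, `OnDemandRules`, `InterfaceTypeMatch`, `Proxies`) follow the Configuration Profile Reference as assumed here and should be confirmed against the linked document; the sample profile is constructed.

```python
import plistlib

# Constructed sample profile (not from the thread): IPSec VPN payload whose
# on-demand rule only fires on Wi-Fi, with split tunnelling and no proxy.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>UserDefinedName</key><string>Corp VPN (sample)</string>
  <key>VPNType</key><string>IPSec</string>
  <key>IPv4</key><dict><key>OverridePrimary</key><integer>0</integer></dict>
  <key>IPSec</key><dict>
   <key>OnDemandEnabled</key><integer>1</integer>
   <key>OnDemandRules</key><array><dict>
    <key>InterfaceTypeMatch</key><string>WiFi</string>
    <key>Action</key><string>Connect</string>
   </dict></array>
  </dict>
 </dict></array>
</dict></plist>"""

def cellular_action(rules):
    """Action of the first rule that can match on cellular (rules are ordered).
    Simplification: DNSDomainMatch / URLStringProbe conditions are ignored."""
    for rule in rules:
        if rule.get("InterfaceTypeMatch", "Cellular") == "Cellular" and "SSIDMatch" not in rule:
            return rule.get("Action")
    return None

def audit_vpn_payloads(profile_bytes):
    """Return {payload name: [findings]} for every VPN payload in the profile."""
    report = {}
    for p in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.vpn.managed":
            continue
        findings = []
        if not p.get("IPv4", {}).get("OverridePrimary"):  # 1 = send all traffic
            findings.append("split tunnelling: IPv4.OverridePrimary is not set")
        # On-demand keys sit in the dictionary for the VPN type in use.
        cfg = next((p[k] for k in ("IPSec", "IKEv2", "VPN") if k in p), {})
        if not cfg.get("OnDemandEnabled"):
            findings.append("VPN On Demand is disabled")
        elif cellular_action(cfg.get("OnDemandRules", [])) != "Connect":
            findings.append("no on-demand Connect rule applies on cellular")
        if not p.get("Proxies"):
            findings.append("no proxy is set for the tunnel")
        report[p.get("UserDefinedName", "unnamed")] = findings
    return report
```

Calling `audit_vpn_payloads(SAMPLE_PROFILE)` reports all three gaps for the constructed payload; a profile with `OverridePrimary` set, an unconditional `Connect` rule and a `Proxies` dictionary returns an empty findings list.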
 

Author Closing Comment

by:neowillendit
ID: 39832996
This is top-notch feedback and answers my question completely. Thank you.
