Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 675
  • Last Modified:

VPN Information Leakage on iPhone?

Friends,

Does anyone know the technicality of how Apple has implemented VPN via iPhone (iOS 7).  I need to know if my iPhone is leaking information when in standby via 4G/LTE once Wi-Fi goes out (which is typical to save battery life even when Wi-Fi is still strong and active).

Thank you all.
0
neowillendit
Asked:
neowillendit
1 Solution
 
btanExec ConsultantCommented:
This is a short brief on Apples VPN - note the VPN on demand various setting which will establish a connection automatically when accessing predefined domains. Out of the box, iOS supports Cisco IPSec, L2TP over IPSec, and PPTP. Split- tunneling should be disable to ensure all traffic route through the VPN tunnel, and also to lockdown proxy to Enterprise authorise proxy prior to any device surfing - this ensure internet traffic is not available unless VPN is up first.

http://images.apple.com/ipad/business/docs/iOS_6_VPN_Apr13.pdf

More stringent lockdown is App VPN or called "Per App VPN" feature in iOS7. This is must be implemented by the developers themselves. So when Apps can phone home through a VPN tunnel as soon as they are launched, and send all their network traffic (and only their network traffic) through it. There can be control by the Enterprise MDM admin, on top of the app developer incorporation using the configuration profile.

https://discussions.apple.com/thread/5318472

The link on the configuration profile and setting specific is a good means to ascertain what the device is able to lockdown and the granularity of it. These are also specific to what iPhone Configuration profile to be provisioned into the iPhone set. Key word search on VPN and Wireless will shed more details in the section

https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW37

Having said that, to be network connected, be it wireless of via the phone network signalling, the device is likely to be "leaking" device info already. See the Wifi-Payload on above link for the parameter to likely to be make available in open to establish connection.

Side note, for Android, if your Wi-Fi is turned on, even though it is not connected to any network, your phone will periodically broadcast a unique number (the MAC address), as well as all the Wi-Fi network names and addresses it remembers ever connecting to. With newer Android versions this can happen even if Wi-Fi is turned off, due to a feature called "scanning always available", which helps your device better determine its location.
0
 
neowillenditAuthor Commented:
This is top-notch feedback and answers my question completely.  Thank you.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now