Android Traffic Leaks Outside VPN Tunnels even with Always-on VPN Enabled

Październik 13, 2022
przez Karina Wilson
145 Wyświetlenia
3 min przeczytaj

Mullvad VPN experts have found that on Android, traffic “leaks” outside VPN tunnels when the device connects to a Wi-Fi network. This happens even if the Block connections without VPN or Always-on VPN features are enabled.

Przypomnę, że to też pisaliśmy NordVPN I TorGuard talk about compromise.

W rzeczywistości, information such as source IP addresses, DNS queries, HTTPS traffic, and possibly NTP traffic leaks outside VPN tunnels.

Although this behavior in Android is, W rzeczywistości, normal, few people know about this feature of the OS, due to the inaccurate description of the VPN Lockdown functionality in the official documentation.

Mullvad VPN analysts explain that there is an option in Android settings to block network connections if the user is not using a VPN. This feature is designed to prevent the user’s real IP address from being accidentally leaked if the VPN connection is interrupted or abruptly terminated.

Jednakże, this feature is often hampered by special cases, such as authentication in captive portals (such as Wi-Fi in a hotel), and checks that must be verified before a user can log in, or when using split tunneling features.

Z tego powodu, Androidleakssome data when connecting to a new Wi-Fi network, regardless of whether the Block connections without VPN setting is enabled.

The specialists reported the problem to Google developers and asked them if it was possible to somehow fix it by refusing connection checks. Unfortunately, Google replied that it would not be possible to fix the problem for the following reasons:

  1. many VPNs rely on the results of these connectivity checks;
  2. checks are not the only exceptions and far from being the most risky ones;
  3. The impact on user privacy is minimal, if not negligible, since leaked information is already available on L2 connections.

The researchers argue that the traffic flowing outside the VPN connection contains metadata that can be used to obtain sensitive information, such as the location of Wi-Fi hotspots.

Connectivity testing traffic can be monitored and analyzed by the party that controls the connectivity testing server, as well as any other person who monitors network traffic. Even if the message doesn’t reveal anything other thansome Android device is connected,” the metadata (including the source IP address) can be used to provide additional information, especially when combined with data such as the location of Wi-Fi hotspots.the researchers write in a blog post.

Mullvad VPN experts are convinced that even if these leaks are not fixed, Google engineers should at least update the documentation and explain that Block connections without VPN protection does not cover connection checks.

O autorze

Karina Wilson

Z ponad 10 wieloletnie doświadczenie w pisaniu dla mediów internetowych i drukowanych, Jestem ekspertem w dostarczaniu jasnych i przekonujących tekstów.

Pisałem dla wiodącej agencji zajmującej się copywritingiem SEO, a także dla niektórych z najbardziej znanych brytyjskich marek, czasopisma i gazety.

Wyświetl wszystkie posty

Zostaw komentarz