It’s possible Apple’s Private Relay VPN isn’t so private after all

A potential security flaw in iCloud Private Relay may cause Apple’s VPN to bypass firewall rules and send some data back to the iPhone manufacturer’s servers.

The leak was first discovered by VPN company Mullvad, which was monitoring network connections while working on its own app.

For those unfamiliar, Private Relay works similarly to a VPN tunnel or to Tor, routing a user’s encrypted network traffic through relay servers before it reaches the internet. The service is currently still in beta and is only available in certain regions, and it also requires a paid iCloud+ subscription.

TechRadar Pro has contacted Apple about this potential leak in iCloud Private Relay, but we had not received a response at the time of writing. However, since the service is still in beta, this issue could be fixed before it becomes generally available. Since the iCloud Private Relay beta coincided with the launch of iOS 15, Apple may make the service fully available with the release of iOS 16 in September this year.

Bypass firewall rules

According to a new blog post from Mullvad, the VPN company was monitoring network connections when it noticed QUIC traffic leaving one of its computers outside of a VPN tunnel.

Disabling Apple’s Private Relay feature helped stop the leaks, and the company even provided instructions for other users to reproduce the leak themselves. Mullvad also pointed out in its blog post that Private Relay (mostly) disables itself as soon as a firewall rule is added to the Packet Filter (PF) system firewall on macOS devices.


As such, the company believes the leak itself is just some sort of heartbeat signal calling out to Apple. While it’s impossible to know what information is transmitted to Apple’s servers, the leak sends a clear message to your local network and ISP that you may be a macOS user.

At this time, Mullvad is not aware of any way to prevent Private Relay from forwarding user traffic to Apple, but the company recommends that users completely disable the feature for now if their threat model does not allow their local network or their ISP to know what types of devices they are currently using.

Via AppleInsider
