iOS firewall between phone and VPN

Can anyone tell me if there is any layer of security when I'm using a VPN app/connection on an iOS device?


Especially, when my phone is connected with a VPN server (a well known VPN provider), more users use the same server. Is it possible to hack my phone via the VPN? So, is there a firewall between the VPN connection and my phone?


Because the VPN connection is 2-way, from my phone to the VPN server, but also from the VPN server to my phone...

iPhone 13, iOS 16

Posted on Nov 7, 2022 1:43 AM

Question marked as Top-ranking reply

Posted on Nov 9, 2022 10:29 AM

I work in IT and in the past I have submitted bugs in Apple's software that were acknowledged by Apple and got fixed in subsequent OS releases. I just mention this to show I have a certain experience.


I set up VPNs as part of my job, but I also set up the VPN servers and firewalls, and you are totally correct that when you connect to a VPN server, that VPN server can connect back to your device.


In the case of a computer, it is really important to activate a firewall on the device itself, because the usual (low cost/low quality) firewall of your home will typically not see the traffic going over the VPN, and if you have activated sharing services, the VPN provider could see those same services and abuse them.


iPhones/iPads, iWatch are a different story: when you use the device on the mobile network, depending on your operator you could receive a public IP address. Some operators do not give you a public IP address, and have their own routers and firewalls that separate your phone from the rest of the internet. So the problem of an inbound network attack is always there, even without VPN. But typically, iPhones don't have many ports/services open: you don't run a webserver or SSH server on an iPhone: Apple secured these parts rather well.


But most attacks these days are not direct network attacks:

Very recently Apple patched what I think was one of the most serious security issues in recent years - details: About the security content of iOS 16.1 and iPadOS 16 - Apple Support, and I think I've seen these being exploited before the update came out. The use of VPN or firewall would not have protected users from these exploits. I've seen these exploits used on Telegram channels discussing the "Military Operation" in Ukraine... so one can guess who's behind them.


If you really need a VPN, I suggest you set up an Amazon account, and you manage your locations, VPN servers and security yourself: that way you control everything up to the VPN server. But you can't control what happens after the VPN server. If you're connecting using telnet, ftp or any non- or weakly encrypted protocol, then the VPN only provides about 50% protection.


Best, Peter
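
An added example, not part of the reply above: on a computer, the sharing services the reply mentions are reachable from the VPN side when they listen on the wildcard address or on the tunnel's own address. This sketch classifies listening TCP sockets from `lsof -nP -iTCP -sTCP:LISTEN` output; the sample lines, the process name `devsrv` and the tunnel address `10.8.0.2` are constructed.

```python
import ipaddress

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output from a laptop.
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   27u  IPv4 0xa1      0t0  TCP *:445 (LISTEN)
launchd     1 root   31u  IPv6 0xa2      0t0  TCP *:5900 (LISTEN)
cupsd     310 root    7u  IPv4 0xa3      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd     310 root    8u  IPv6 0xa4      0t0  TCP [::1]:631 (LISTEN)
devsrv    512 alice  12u  IPv4 0xa5      0t0  TCP 10.8.0.2:8080 (LISTEN)
devsrv    512 alice  13u  IPv4 0xa6      0t0  TCP 192.168.1.20:3000 (LISTEN)
"""

def parse_listeners(lsof_text):
    """Yield (command, pid, host, port) for each LISTEN row."""
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue  # header row or a non-listening socket
        host, _, port = fields[-2].rpartition(":")
        yield fields[0], int(fields[1]), host.strip("[]"), int(port)

def reachable_over_tunnel(host, tunnel_ip):
    """True if a socket bound to `host` accepts connections sent to the tunnel address."""
    if host == "*":
        return True  # wildcard bind covers every interface, including the tunnel
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return True  # 0.0.0.0 or :: written out explicitly
    # Assumption: VPN-side peers only know the tunnel address, so sockets bound
    # to loopback or to another local address are not counted as exposed.
    return addr == ipaddress.ip_address(tunnel_ip)

def audit(lsof_text, tunnel_ip):
    """Return sorted (port, command) pairs exposed to peers on the VPN side."""
    exposed = {
        (port, cmd)
        for cmd, _pid, host, port in parse_listeners(lsof_text)
        if reachable_over_tunnel(host, tunnel_ip)
    }
    return sorted(exposed)

if __name__ == "__main__":
    for port, cmd in audit(SAMPLE_LSOF, "10.8.0.2"):
        print(f"tcp/{port:<5} {cmd}: reachable from the VPN side unless the host firewall blocks it")
```

Anything the audit lists is what the on-device firewall has to cover, since the home router never sees the tunnelled traffic.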




Nov 7, 2022 9:56 AM in response to chielst

If you have a good VPN there should be a firewall. Incidents have occurred where some VPNs were breached and there are also cases where the VPN was harvesting data from their users. I wouldn't use a "free" VPN at all.


Is your employer having you use this VPN or are you trying to access sites in other countries that wouldn't otherwise be available to you?
