
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find

Silviu STAHIE

September 27, 2021


Security researchers have identified a vulnerability in iCloud Private Relay for iOS 15 that lets third parties circumvent its protections and obtain the user’s real IP address.

Tracking users across multiple online domains is a sticky privacy problem because it takes many forms. Websites and companies are interested in tracking users, building shadow profiles, targeting them with ads, and more.

Some browsers and other services have tried to mitigate this problem with Do Not Track features, but they don’t always work. And new ways to track users are constantly being developed, compounding the problem. To deal with this issue, Apple launched a new service named iCloud Private Relay. Basically, it handles network requests, including DNS queries, on users’ behalf, hiding their actual IP address.

“It ensures that the traffic leaving your device is encrypted so no one can intercept and read it,” says Apple. “Then all your requests are sent through two separate internet relays. It’s designed so that no one — including Apple — can use your IP address, location, and browsing activity to create a detailed profile about you.”

Security researchers from FingerprintJS discovered that the service doesn’t always behave as described. Finding out the user’s actual IP address is not all that difficult, they say.

“Because Safari doesn’t proxy STUN requests through iCloud Private Relay, STUN servers know your real IP address,” the researchers explained. “This isn’t an issue on its own, as they have no other information; however, Safari passes ICE candidates containing real IP addresses to the JavaScript environment. De-anonymizing you then becomes a matter of parsing your real IP address from the ICE candidates — something easily accomplished with a web application.”

The vulnerability is only present in the iOS 15 stable build. Apple patched this issue in the macOS Monterey Beta released last week. Please keep in mind that iCloud Private Relay is part of the iCloud+ subscription, so it’s not available by default to everyone.
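To verify whether a given browser build still hands client addresses to page scripts, a tester can audit the ICE candidate lines gathered on a test device. The sketch below is an added example, not code from the article or from FingerprintJS; the function names are hypothetical and the sample candidates are constructed from documentation address ranges.

```javascript
// ICE candidate grammar (RFC 8839):
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <addr> rport <port>]
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns';              // mDNS name, hides the host address
  if (a.includes(':')) {                                // IPv6
    if (a === '::') return 'unspecified';
    if (a === '::1') return 'loopback';
    if (/^fe[89ab]/.test(a)) return 'link-local';       // fe80::/10
    return /^f[cd]/.test(a) ? 'private' : 'public';     // fc00::/7 is unique-local
  }
  const o = a.split('.');
  if (o.length !== 4 || !o.every(s => /^\d{1,3}$/.test(s) && Number(s) <= 255)) return 'invalid';
  const [b0, b1] = o.map(Number);
  if (b0 === 0) return 'unspecified';                   // 0.0.0.0 placeholder seen in raddr
  if (b0 === 127) return 'loopback';
  if (b0 === 169 && b1 === 254) return 'link-local';
  const rfc1918 = b0 === 10 || (b0 === 172 && b1 >= 16 && b1 <= 31) || (b0 === 192 && b1 === 168);
  return rfc1918 ? 'private' : 'public';
}

function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return null;
  const r = f.indexOf('raddr');
  return { type: f[7], address: f[4], raddr: r > 0 && f[r + 1] ? f[r + 1] : null };
}

// Returns one finding per client address that is readable from the candidates.
function auditCandidates(lines) {
  const findings = [];
  for (const c of lines.map(parseCandidate).filter(Boolean)) {
    // A relay candidate's own address belongs to the TURN server, not the client.
    const exposed = c.type === 'relay' ? [c.raddr] : [c.address, c.raddr];
    for (const addr of exposed.filter(Boolean)) {
      const scope = classifyAddress(addr);
      if (scope === 'public' || scope === 'private') findings.push({ type: c.type, addr, scope });
    }
  }
  return findings;
}

// Constructed sample input (documentation address ranges, not captured traffic).
const SAMPLE = [
  'candidate:1 1 udp 2113937151 4f2a1c9e-7b3d-4e5f-8a6b-0c1d2e3f4a5b.local 54321 typ host',
  'candidate:2 1 udp 1677729535 203.0.113.7 61234 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:3 1 udp 33562367 192.0.2.50 49170 typ relay raddr 203.0.113.7 rport 61234',
  'a=candidate:4 1 udp 2122260223 192.168.1.23 50000 typ host',
  'not a candidate line',
];
console.log(auditCandidates(SAMPLE));
```

An empty result means none of the supplied candidates carried a routable or LAN address for the client; a `public` finding on a server-reflexive (`srflx`) candidate is the exposure the researchers describe.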
