For those unfamiliar, Private Relay functions in a similar way to a VPN tunnel or how Tor works by routing a user’s encrypted network through relay servers before it reaches the internet. The service is currently still in beta and is only available in certain regions though it also requires a paid iCloud+ subscription.
Firewall regulations are being disregarded by Private Relay, which is transmitting data back. Apple’s VPN may violate firewall constraints and transfer data back to the iPhone maker’s servers due to a potential security weakness in iCloud Private Relay. Mullvad, a VPN business that was monitoring network connections while developing its own software, was the first to notice the breach. Get a free copy of the Hacker’s Manual 2022 if you share your opinions about cybersecurity. Get a free copy of the Hacker’s Manual 2022 if you share your opinions about cybersecurity. Assist us in determining how organisations are preparing for a post-Covid environment, as well as the ramifications of these initiatives on their cybersecurity strategies. To receive the $10.99/£10.99 bookazine, enter your email at the end of the survey.
TechRadar Pro reached out to Apple regarding this potential leak in iCloud Private Relay but we’ve yet to hear back at the time of writing. However, since the service is still in beta, this issue could be rectified before it becomes generally available. Since iCloud Private Relay’s beta release coincided with the launch of iOS 15, Apple could make the service available in full with the release of iOS 16 in September of this year. According to a new blog post from Mullvad, the VPN company was monitoring network connections when it noticed that QUIC traffic was leaving one of its computers outside of a VPN tunnel.
As such, the company believes that the leak itself is just some kind of heartbeat signal calling home to Apple. Although it’s impossible to know what information is transmitted to Apple’s servers, the leak does send a clear message to both your local network and ISP that you might be a macOS user. At this time, Mullvad is unaware of any way to prevent Private Relay from leaking user traffic back to Apple but the company recommends that users disable the feature altogether for the time being if their threat model forbids their local network or ISP from knowing what kinds of devices they’re currently using.
Disabling Apple’s Private Relay feature made the leaks stop and the company has even provided instructions so that other users can reproduce the leak on their own. Mullvad also pointed out in its blog post that Private Relay (mostly) disables itself as soon as any firewall rule is added to the Packet Filter (PF) system firewall on macOS devices.
After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.