Question
I have installed an app on iOS to connect to a well-known VPN service. The app requests installation of a profile onto iOS, which as far as I can see is a collection of 7 certificates - 5 of which are signing certificates.
As a novice in this area who's sought to self-educate on the internet I may well have misunderstood. But, in theory, if 'rogue' signing certificates were installed in iOS wouldn't that allow a MITM attack to go unnoticed? That is, for a modified SSL certificate to be sent to the client, and the 'rogue' signing certificate confirm that the certificate is valid?
If that is the case, I am somewhat concerned about installing these signing certificates within iOS. Are the certificates global? So that, for instance, Safari would rely on them when verifying an SSL cert of a website? Or are they 'sandboxed' to the use of the VPN service? I've tried finding this information but can't seem to find any information on it.
Any help you can give would be greatly appreciated.
Explanation / Answer
No. The profile you're required to install contains the parameters (and the certificates as well) to establish a secure tunnel between your endpoint and the VPN provider. Once the connection has been established, at worst the ISP could perform (in the abstract) the MITM attack because all your traffic is redirected through their server. Perhaps, if you're concerned about privacy, keep in mind that all your browsing will be logged by the VPN provider...
You can always have a look inside those certificates by using the Apple Configurator utility. You'll better understand how they work in your phone's policies.
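
As an added example (not part of the original answer), a profile can also be inspected offline before installing it: the sketch below lists each payload in a `.mobileconfig` file by type and computes a SHA-256 fingerprint for certificate payloads, so they can be compared with what the provider publishes. The payload type strings are Apple's documented ones; the function names and the sample profile are constructed for illustration.

```python
import base64
import hashlib
import plistlib

# Certificate payload types Apple documents for configuration profiles.
CERT_TYPES = {
    "com.apple.security.root": "root CA certificate",
    "com.apple.security.pkcs1": "certificate (DER)",
    "com.apple.security.pem": "certificate (PEM)",
    "com.apple.security.pkcs12": "identity (certificate + private key)",
}

def load_profile(raw: bytes) -> dict:
    """Parse a profile. A signed profile is a CMS wrapper around the XML
    plist, so cut the plist out by its markers (heuristic, no signature check)."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def fingerprint(body: bytes) -> str:
    """SHA-256 over the DER certificate, decoding PEM armour first if present."""
    begin = b"-----BEGIN CERTIFICATE-----"
    if begin in body:
        b64 = body.split(begin, 1)[1].split(b"-----END", 1)[0]
        body = base64.b64decode(b"".join(b64.split()))
    return hashlib.sha256(body).hexdigest()

def list_payloads(raw: bytes) -> list:
    """Return (PayloadType, display name, kind, sha256 or None) per payload."""
    rows = []
    for p in load_profile(raw).get("PayloadContent", []):
        ptype, body = p.get("PayloadType", "?"), p.get("PayloadContent")
        is_cert = ptype in CERT_TYPES and ptype != "com.apple.security.pkcs12"
        digest = fingerprint(body) if is_cert and isinstance(body, bytes) else None
        rows.append((ptype, p.get("PayloadDisplayName", ""),
                     CERT_TYPES.get(ptype, "other"), digest))
    return rows

# Constructed sample: placeholder bytes stand in for real certificates.
FAKE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    {"PayloadType": "com.apple.vpn.managed", "PayloadDisplayName": "Example VPN"},
    {"PayloadType": "com.apple.security.root", "PayloadDisplayName": "Example CA",
     "PayloadContent": FAKE_DER},
    {"PayloadType": "com.apple.security.pem", "PayloadDisplayName": "Example PEM",
     "PayloadContent": b"-----BEGIN CERTIFICATE-----\n"
                       + base64.b64encode(FAKE_DER) + b"\n-----END CERTIFICATE-----\n"},
]})
```

Call `list_payloads` on the bytes read from a downloaded profile; any row whose kind is a root CA certificate is the one to check against the provider's published fingerprint.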