nb_key

> We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests. #Apple services that escape the VPN connection include Health, Maps, Wallet.We used @ProtonVPN and #Wireshark

RetpolineDrama

Wallet at least has a semi-plausible non-evil answer: Users who kick their VPN on to another country and try to use apple pay at checkout will unexpectedly get declined (because the purchase would appear to be coming from another country perhaps?).

Apple could fix that with proper UI though.

jaywalk

I don't see any reason why Apple Pay would use IP geolocation like that when it's running on a device that has GPS.

bierjunge

GPS can be easily spoofed.

Back in the university days, we (me + a few friends) used to get some radios and antennas to create a signal stronger than the one coming from satellites. It was always fun when the semester started and all freshmen were using Google Maps to navigate through the campus, but the map always showed their location in North Korea. Good ol' times.

pphysch

I thought GPS worked by triangulation? How did you use one transmitter to specifically misdirect receivers to believing they were in North Korea?

ballenf

> some radios and antennas

Still an impressive feat.

zikduruqe

I'm calling shenanigans. I used to work in a lab where we had GPS repeaters to test consumer equipment. That alone costs big bucks. And, we had the FAA come down on us big time, because our GPS repeater broadcast outside the building too far and we got into some hot water.

If you were spoofing GPS campus wide over 1.544 GHz and had all your GPS sentences correct, with simple radios and antennas... and you hadn't got in trouble with Uncle Charlie or the FAA....

imwillofficial

Spoofing GPS is trivial. Getting caught or not is a toss of the coin

zikduruqe

Cheating the location on my phone is gravy.

Broadcasting an RF signal to spoof GPS (and especially across a campus), that my friend, is not trivial or cheap.

livueta
> not trivial or cheap

From your previous comment, it sounds like your experience may have been from a while ago? In 2022, it is fairly trivial and cheap: https://github.com/osqzss/gps-sdr-sim

I can not ;^) personally confirm that this works with a HackRF, which is like $300, but probably also with any other reasonable tx-capable sdr.