The operating system iOS 7 Apple moved to the new network protocol Multipath TCP, can transmit data through multiple network interfaces simultaneously. Experts argue that this technology has a dangerous vulnerability that jeopardizes the safety of users of the iPhone and the iPad.
At the Black Hat experts published the results of a study on the lack of a modern software technology for the protection of Multipath TCP, used in the mobile operating system, Apple and some equipment from Cisco and Juniper. MPTCP - improved version of this traditional protocol TCP, allowing simultaneous transmission of multiple data paths connecting, for example, Wi-Fi and cellular network, thereby increasing the speed and reliability. When using it on the iPhone and iPad data packets can be sent and received simultaneously via Wi-Fi and LTE / 3G.
In the IETF until just experimenting with Multipath TCP, but backwards compatible with TCP already allows the use of an updated protocol, and this benefited at Apple. But the problem is that the division of the flow of data between multiple network channels "confusing" intended for conventional TCP firewalls and tools Deep packet inspection, the researchers say. As a result of using MPTCP can "get around almost any security software."
One of the features MPTCP is that using technology disappears binding to a particular IP-address - data stream may come from multiple addresses, security is not "see" all packets and can not completely detect malicious activity. According to the researchers, today there are no security software that takes into account this feature.