When we first found out about the TunnelCrack vulnerability, we immediately checked our apps and verified it only impacted the ExpressVPN app for iOS.
Next, our engineering team worked to develop a fix, which was deployed to all customers using the ExpressVPN app for iOS on July 17, 2023.
The fix we put in place sends you a notification when the ExpressVPN app for iOS detects you are connected to an unsecured Wi-Fi network vulnerable to TunnelCrack. This notification warns you that your device is connected to an unsecured Wi-Fi network and at risk from TunnelCrack, and recommends you turn off local network access.
To turn off local network access:
- Open the ExpressVPN app for iOS and tap Options > Settings > Network Protection.
- Toggle Block internet when VPN connection is interrupted on.
- Toggle Allow access to devices on local network off.