Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - IPv6 Support in iOS 4 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IPv6 Support in iOS 4

Published: 2010-06-23
Last Updated: 2010-06-23 13:11:58 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

On monday, Apple released iOS 4 to the masses. Among numerous security fixes, one other feature that caught my interest was the availability of IPv6. The iPhone was one of a few holdouts in the mobile phone world that did not yet support IPv6. In some ways, the iPhone and similar devices is just why people feel we may need IPv6. Features like VoIP calling (e.g. Apple's new "Facetime" protocol) can work with NAT, but may possibly work better if the device has a globally routable IP address which may not be available in IPv4.

Screenshot of iOS 4 beta versions showed a new configuration setting for IPv6, allowing users to turn IPv6 support on and off. The final version as delivered to customers on Monday, no longer has this switch. Instead, IPv6 support is always turned on. In order to be functional, it does need to be connected to an IPv6 capable network.

In my tests, I connected the iPhone's WiFi network to my home network, which supports IPv6 and uses a router that advertises itself via IPv6 router advertisements. The iPhone did pick up an IPv6 address. The IPv6 address selected by the iPhone was derived from the MAC address (EUI-64). I personally would have preferred a privacy enhanced address.

iOS 4 does not appear to support any tunneling protocols. It will only use IPv6 in a dual stack configuration. I am going to update this diary as I get to experiment more with it.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

 

Keywords: ios iphone ipv6
1 comment(s)
Diary Archives