Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IPv6 Support in iOS 4 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IPv6 Support in iOS 4

On monday, Apple released iOS 4 to the masses. Among numerous security fixes, one other feature that caught my interest was the availability of IPv6. The iPhone was one of a few holdouts in the mobile phone world that did not yet support IPv6. In some ways, the iPhone and similar devices is just why people feel we may need IPv6. Features like VoIP calling (e.g. Apple's new "Facetime" protocol) can work with NAT, but may possibly work better if the device has a globally routable IP address which may not be available in IPv4.

Screenshot of iOS 4 beta versions showed a new configuration setting for IPv6, allowing users to turn IPv6 support on and off. The final version as delivered to customers on Monday, no longer has this switch. Instead, IPv6 support is always turned on. In order to be functional, it does need to be connected to an IPv6 capable network.

In my tests, I connected the iPhone's WiFi network to my home network, which supports IPv6 and uses a router that advertises itself via IPv6 router advertisements. The iPhone did pick up an IPv6 address. The IPv6 address selected by the iPhone was derived from the MAC address (EUI-64). I personally would have preferred a privacy enhanced address.

iOS 4 does not appear to support any tunneling protocols. It will only use IPv6 in a dual stack configuration. I am going to update this diary as I get to experiment more with it.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute


I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4479 Posts
ISC Handler
Jun 23rd 2010
So, installing a IPv6 DHCP server on a (IPv4-only) WLAN, and making your server as the default gateway should ensure all the traffic from v4 iPhones - bypassing much of the value of WPA :-(

Sign Up for Free or Log In to start participating in the conversation!