Apple’s iOS 9 breaks VPNs
Mon 21 Sep 2015
Apple’s iOS 9 has been built to meet various security standards, but researchers have discovered that the latest update also breaks a key security feature – Virtual Private Network (VPN) connections to corporate servers.
The flaw was first detected in the iOS 9 beta and has not been fixed in the released version. Nor has it been fixed in the current iOS 9.1 beta.
Cisco reported the bug on social media, claiming that they had noticed “a couple of OS regressions between iOS 8.4.1 and iOS 9 […] Most notable is that when doing split tunneling, the Tunnel All DNS option no longer functions as expected. This was reported to Apple under Radar # 22558059. This is not resolved in the iOS 9 release.”
Due to this incompatibility, DNS resolution will not work for some users depending on their network setup. Some corporate servers will no longer be available to users, even after successful login.
The iOS 9 bug does not affect in-house corporate connections to servers, only VPN access. In addition to the popular Cisco AnyConnect service, reports suggest other VPN providers are also affected.
To regain VPN access, users should uninstall iOS 9 and revert to iOS 8.4.1, restoring the device backup from iTunes, not from iCloud. However, iOS backups are automatically cleared out by Apple, so .ipsw backup files may no longer be available. In this case, the downloads can be found online, but this puts the user at risk of choosing a jailbroken version containing malicious code. The files can also be obtained directly from Apple, but the device will be factory reset.
VPNs are a continual source of controversy, with many organisations and countries ready to ban the secure network tool. Russia in particular has taken an extremely aggressive stance against its use, suggesting that restricting anonymising networks will “increase opportunities to counter the commercial distribution of malware” and help to reduce access to “forbidden” information online.