or Connect
AppleInsider › Forums › Mobile › iPhone › Apple plugs loopholes with security updates in iPhone OS 3.1
New Posts  All Forums:Forum Nav:

Apple plugs loopholes with security updates in iPhone OS 3.1

post #1 of 33
Thread Starter 
Through security fixes, Apple's latest update to the iPhone operating system has reportedly disabled unintended "features" that some handset users were able to access with the prior version.

According to The Unofficial Apple Weblog, the iPhone and iPod touch upgrade released this week now enforces server-side encryption of Microsoft Exchange, which disables access for all non-iPhone 3GS devices. That means that older iPhones and the iPod touch, which do not have encryption support, cannot access Exchange services.

"While many are reacting to this issue as though it's a bug, and are reporting it as such, the reality is that the Exchange encryption requirement is a feature and the fact that it was not being correctly enforced was actually a security hole," the report states. "IT administrators with Exchange 2007 SP1 servers and iPhone clients are probably going to be fielding an above-average level of incoming questions, but at least they can rest easy knowing that Exchange encryption is now working correctly. Cold comfort for their users, though."

With the operating system upgrade, affected users will see the notice "Policy Requirement - The account... requires encryption which is not supported on this iPhone/iPod." For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access.

While the iPhone 2.0 software brought business-class e-mail access via Microsoft Exchange ActiveSync right out of the box with the iPhone 3G, Exchange encryption was not supported until the iPhone 3GS debuted.

In another change with the latest iPhone upgrade, a simple tethering hack that worked in version 3.0 was disabled. Previously, users were able to enable the feature in the iPhone's software by flashing the firmware.

According to CNet, the 3.1 update has removed the tethering option under the device's Network settings. However, some have reported, with various versions of the AT&T carrier file, that the hack is still operating.

While AT&T is set to enable multimedia messaging on the iPhone 3G and iPhone 3GS on Sept. 25, official tethering between the handset and a computer has only been given an "in the future" release date thus far.
post #2 of 33
Great! This is better!
post #3 of 33
i read about this on Macrumors yesterday

a lot of people are now going to be whining to their IT departments. And supposedly this bug was serious enough that Apple mentioned on it's latest conference call that a fix was coming. Apparently a lot of IT departments were waiting on this before deploying or allowing iphones
post #4 of 33
I'm not giving up unofficial tethering until AT&T gives me an official version. If that means staying on 3.0.1 for the time being, so be it.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #5 of 33
post #6 of 33
Quote:
Originally Posted by John.B View Post

I'm not giving up unofficial tethering until AT&T gives me an official version. If that means staying on 3.0.1 for the time being, so be it.

John B,
How does unofficial tethering works? Also, how do I run Skype and other VoIP programs like Fring over 3G?

TIA
post #7 of 33
Quote:
Originally Posted by al_bundy View Post

http://www.wired.com/gadgetlab/2009/...ne-encryption/

for anyone interested

I heard that the encryption workaround was also fixed in 3.1, although I have not had anybody knowledgeable confirm this as fact.
post #8 of 33
Not affected. Waiting for thread regarding other changes which affect the majority of users such as video trim and MMS.
post #9 of 33
Quote:
Originally Posted by Gee4orce View Post

I heard that the encryption workaround was also fixed in 3.1, although I have not had anybody knowledgeable confirm this as fact.

only if you are connecting to Exchange 2007. I don't think Exchange 2003 has the option to enforce encryption on the mobile device. With 2007 it sounds like it will encrypt the entire file system
post #10 of 33
When you delete a mail message from your iPhone, it will no longer show up when you do a spotlight search as it did before. Thank you Apple.
post #11 of 33
Quote:
Originally Posted by AppleInsider View Post

... For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access ...

In a general sense, I think we have more of this sort of thing to look forward to. The iPhone 3G, not unexpectedly, is rapidly becoming the unwanted child in the iPhone family for a lot of reasons, even though they are still selling it.

The 3.0 software was a major leap forward, but on the regular 3G it introduced pauses and slow-downs of the interface for the first time. With the 3.1 update, many 3Gs are crashing and crashing hard. Mine turned into a brick 3 times yesterday and had to be hard re-set each time, it also lost some data in the process.

With each update the 3G gets clunkier and slower, while the 3Gs soars. I'd be surprised if they are still selling them by next summer except to the poor and downtrodden masses in the 3rd world or the US south.
post #12 of 33
the 3GS has hardware encryption to make it attractive to corporations who need security. Maybe OS 3 does encryption on the 3G as well but it's only software encryption which makes it slower?

Once Exchange 2010 is released later this year or early next year expect iphone OS 4 to take advantage of the new features and if you connect your iphone to a corporate email server then the IT people will have more control over it. that's what customers want
post #13 of 33
Quote:
Originally Posted by grover432 View Post

When you delete a mail message from your iPhone, it will no longer show up when you do a spotlight search as it did before. Thank you Apple.

Now that is major- all that porn spam I get.
Yes, thank you Apple.
post #14 of 33
Quote:
the iPhone and iPod touch upgrade released this week now enforces server-side encryption of Microsoft Exchange

Sort of. It's client-side, rather than server side - it now takes notice when Exchange asks the mail client to encrypt the mail, and tells you to get lost if the hardware's not up to it.

Quote:
which disables access for all non-iPhone 3GS devices

Only for Exchange servers that can enforce encryption, which is only 2007 onwards, and only if you turn it on. Earlier iPhones/iPod Touches with 3.1 will still work if it's not Exchange 2007 or the enforced encryption is turned off.

This isn't talking about the SSL encryption on the comms between the client and the server BTW, it's only concerned with encrypting the mail when it's stored on the client.

Quote:
For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access.

Or don't upgrade to OS 3.1, or downgrade back to 3.0 if you've already put it on, provided you're not concerned about your mail not being encrypted locally.

Alan.
post #15 of 33
there have been many improvements in bluetooth. I can now press & hold my bluetooth headset button, to activate voice recognition, and it all is piped through the headset, with outstanding recognition accuracy. Some of the other features of the headset now work fully.
perhaps it should of been done for some time, but I am grateful its been done, and done well
post #16 of 33
Quote:
Originally Posted by Right_said_fred View Post

there have been many improvements in bluetooth. I can now press & hold my bluetooth headset button, to activate voice recognition, and it all is piped through the headset, with outstanding recognition accuracy. Some of the other features of the headset now work fully.
perhaps it should of been done for some time, but I am grateful its been done, and done well

I think they have done some voice recognition improvements with 3.1. I had about a 50/50 fail ratio previously but now it recognizes my words much better. I noticed this particularly in distinguishing between two friends names that sound quite similar. It works every time now.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #17 of 33
Quote:
Originally Posted by Gazoobee View Post

In a general sense, I think we have more of this sort of thing to look forward to. The iPhone 3G, not unexpectedly, is rapidly becoming the unwanted child in the iPhone family for a lot of reasons, even though they are still selling it.

The 3.0 software was a major leap forward, but on the regular 3G it introduced pauses and slow-downs of the interface for the first time. With the 3.1 update, many 3Gs are crashing and crashing hard. Mine turned into a brick 3 times yesterday and had to be hard re-set each time, it also lost some data in the process.

With each update the 3G gets clunkier and slower, while the 3Gs soars. I'd be surprised if they are still selling them by next summer except to the poor and downtrodden masses in the 3rd world or the US south.


I agree. I have a 2ng gen iPod Touch, and it seems to have a lot more bugs and weird actions.
Additionally, am I the only one who got iPhone OS 3.1.1 when they upgraded as opposed to OS 3.1? It has a lot of bugs and am wondering if I accidentally got seeded a beta.
GIGO. The truth in all of life.
Reply
GIGO. The truth in all of life.
Reply
post #18 of 33
Quote:
Originally Posted by Right_said_fred View Post

there have been many improvements in bluetooth. I can now press & hold my bluetooth headset button, to activate voice recognition, and it all is piped through the headset, with outstanding recognition accuracy. Some of the other features of the headset now work fully.
perhaps it should of been done for some time, but I am grateful its been done, and done well

Bluetooth worked fine for me before and I have a stereo set with call recognition.
post #19 of 33
Why are Touch owners who upgraded to 3.0 from 2 in June @ $10 getting ripped off when you can now go to 3.1 from 2 for $5? Is Apple going to give me back $5? Of what basis is this downgrading the cost of their software? Was it overpriced to begin with for $10? That's barely 2 1/2 months old!
post #20 of 33
I would settle for Apple to start implementing the BT Standard as everyone else is doing so that my stereo BT Headset could skip forward or backwards. Why is it so hard for Apple to do the right thing when this has been standard on most mobiles for years (yes years)?
post #21 of 33
Quote:
Originally Posted by AjitMD View Post

John B,
How does unofficial tethering works? Also, how do I run Skype and other VoIP programs like Fring over 3G?

I'm using the benm.at profile and iPhone OS 3.0.1, which gives me tethering over the iPhone via both BlueTooth and the stock iPod 30-pin-to-USB cable. Until I get an official solution from AT&T, I need a backup and this will have to be it.

If you've upgraded to iPhone OS 3.1.1 while updating to iTunes 9, then the unofficial tethering profile from benm.at, etc. will NOT work. I'm told there is no going back to 3.0.1 once you've upgraded your iPhone to 3.1.1 (by design).

FWIW, I haven't personally run VoIP programs over mine, but understand that you would be fairly bandwidth constrained.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #22 of 33
Quote:
Originally Posted by teckstud View Post

Why are Touch owners who upgraded to 3.0 from 2 in June @ $10 getting ripped off when you can now go to 3.1 from 2 for $5? Is Apple going to give me back $5? Of what basis is this downgrading the cost of their software? Was it overpriced to begin with for $10? That's barely 2 1/2 months old!

If you are Touch owner that hadn’t paid for the update after 2.5 months of the update being out then it’s pretty likely that you never would at the $10 price. This reduced fee is typical business practice of dropping the price to move more product after the initial demand has waned. The update from 3.0 to 3.1 shouldn’t be confusing as it’s free to Touch users with 3.0 and moving to 3.1 offers nothing but bug fixes and slight refinements, not the extensive feature upgrade that we saw from 2.x to 3.0.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #23 of 33
Quote:
Originally Posted by grover432 View Post

When you delete a mail message from your iPhone, it will no longer show up when you do a spotlight search as it did before. Thank you Apple.

Ah, nice spot. Thanks. Is that part of OS 3.1 BTW?
post #24 of 33
Quote:
Originally Posted by teckstud View Post

Why are Touch owners who upgraded to 3.0 from 2 in June @ $10 getting ripped off when you can now go to 3.1 from 2 for $5? Is Apple going to give me back $5? Of what basis is this downgrading the cost of their software? Was it overpriced to begin with for $10? That's barely 2 1/2 months old!

No, they are not going to refund you any money. It's a matter of patience. Anyway, I think what they did was very surprising IMO.
post #25 of 33
Quote:
Originally Posted by SGSStateStudent View Post

No, they are not going to refund you any money. It's a matter of patience. Anyway, I think what they did was very surprising IMO.

That is a very common practice. The only surprising thing they did with the Touch was back in January 2008, 4 months after the initial Touch release in September 2007, when they sold 5 apps (Mail, Maps, Stocks, Notes and Weather) for an additional $20, that were already included on the iPhone and required no additional work on Apples part to add. Actually they would have had to remove them from the iPhone OS in order to make the Touch OS. They surely had the right to do so but it was quite cheap of them, especially with v2.0 coming 5 months later for only $10 and that had real changes to it.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #26 of 33
Do a Google search. I'm not the only one that has WiFi that is dropping and pig slow.

My 3G is faster than my WiFi.

I have done EVERYTHING ON APPLES BOARD TO TRY AND FIX IT.

OSX Failure
3.1 Failure

I want my WiFi back for the rest of my contract before I can get rid of my 3G POS.

If Apple is going to Brick a device after the new one comes out then put it on their site.

Try a Google search "Apple 3.1 unstable". It will take you to multiple threads on Apples site as well as many Apple Forum sites. I have 8 months until I can go to Android.

Fix 3.1. I could care less about the Vista like release of OSX. I want a stable phone.

Beta test your software on beta users not people who rely on their phone for business.
post #27 of 33
Quote:
Originally Posted by solipsism View Post

If you are Touch owner that hadn’t paid for the update after 2.5 months of the update being out then it’s pretty likely that you never would at the $10 price. This reduced fee is typical business practice of dropping the price to move more product after the initial demand has waned. The update from 3.0 to 3.1 shouldn’t be confusing as it’s free to Touch users with 3.0 and moving to 3.1 offers nothing but bug fixes and slight refinements, not the extensive feature upgrade that we saw from 2.x to 3.0.

Bottom line- It was overpriced, Touch users thumbed their nose at it, and now Apple is scrapping to move it. Just shy of desperation to make a measly $5!
GIVE IT UP APPLE. IT SHOULD BE FREE TO BEGIN WITH APPLE OR CHARGE 50 CENTS - WHAT IT'S REALLY WORTH, IF YOU'RE GONNA PLAY SARBANES-OXLEY ON US.
I WANT A $5 REFUND .
post #28 of 33
Quote:
Originally Posted by solipsism View Post

This reduced fee is typical business practice of dropping the price to move more product after the initial demand has waned. .

Great- so by your logic we can expect Snow Leopard @ $15 come December in time for Christmas.
post #29 of 33
Quote:
Originally Posted by teckstud View Post

Bottom line- It was overpriced, Touch users thumbed their nose at it, and now Apple is scrapping to move it. Just shy of desperation to make a measly $5!
GIVE IT UP APPLE. IT SHOULD BE FREE TO BEGIN WITH APPLE OR CHARGE 50 CENTS - WHAT IT'S REALLY WORTH, IF YOU'RE GONNA PLAY SARBANES-OXLEY ON US.
I WANT A $5 REFUND .

I don’t care for this accounting method and I have doubts that Apple would be in trouble if they gave it away, but you can’t say it’s overpriced if you choose to pay for it. Products drop in price all the time. You can now buy the old iPods at Apple’s refurbished section for less money than you could have a couple weeks ago.

PS: Why all the anger. Just because you don’t like SOx doesn’t mean it should get you to type in all caps. You either agree to the product at a price or you don’t.

Quote:
Originally Posted by teckstud View Post

Great- so by your logic we can expect Snow Leopard @ $15 come December in time for Christmas.

If Apple’s accountants run numbers that find they can profit more from reducing the price then Apple will likely do it. Business is business.

As for you time frame of Christmas and your price of $15, what method did you use to figure out that value at that time? At the very least you would have needed to have access to Apple’s sales figures for 10.6 and know what percentages of Macs have been converted to make any reasonable evaluation.

Historically, Mac users are pretty quick to convert their systems. I’d say this stems from being mostly used for consumers over corporate and that each new version offers more features while also speeding up the system. I’d say that the price point of $25 and that only 3 years and 8 months of Intel Macs can benefit from this update would make this even more true.

Again, this all depends on numbers. If for example, only 5% of iPod Touch users purchased the upgrade to v3.0 then I can see why they would lower the price. Getting a few million people to upgrade for $5 is better than not getting a few million to upgrade at $10.

* Note that Apple hasn’t raised the price back on rich Touch updates. Five apps for $20, then v2.x for $15, then v3.x for $10 and now v3.x for $5. We may be seeing Apple not seeing Apple having to lower prices because demand for the update is too lower on the older HW, but we’ll have to wait until next year to see what Apple charges for v4.0.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #30 of 33
After upgrading , My iPhone now keeps shutting down on it's own. I have to do a hard reset, home+power button. To unfreeze it and power it back up. Just pressing the power button doesn't work.

Quote:
Originally Posted by AppleInsider View Post

Through security fixes, Apple's latest update to the iPhone operating system has reportedly disabled unintended "features" that some handset users were able to access with the prior version.

According to The Unofficial Apple Weblog, the iPhone and iPod touch upgrade released this week now enforces server-side encryption of Microsoft Exchange, which disables access for all non-iPhone 3GS devices. That means that older iPhones and the iPod touch, which do not have encryption support, cannot access Exchange services.

"While many are reacting to this issue as though it's a bug, and are reporting it as such, the reality is that the Exchange encryption requirement is a feature and the fact that it was not being correctly enforced was actually a security hole," the report states. "IT administrators with Exchange 2007 SP1 servers and iPhone clients are probably going to be fielding an above-average level of incoming questions, but at least they can rest easy knowing that Exchange encryption is now working correctly. Cold comfort for their users, though."

With the operating system upgrade, affected users will see the notice "Policy Requirement - The account... requires encryption which is not supported on this iPhone/iPod." For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access.

While the iPhone 2.0 software brought business-class e-mail access via Microsoft Exchange ActiveSync right out of the box with the iPhone 3G, Exchange encryption was not supported until the iPhone 3GS debuted.

In another change with the latest iPhone upgrade, a simple tethering hack that worked in version 3.0 was disabled. Previously, users were able to enable the feature in the iPhone's software by flashing the firmware.

According to CNet, the 3.1 update has removed the tethering option under the device's Network settings. However, some have reported, with various versions of the AT&T carrier file, that the hack is still operating.

While AT&T is set to enable multimedia messaging on the iPhone 3G and iPhone 3GS on Sept. 25, official tethering between the handset and a computer has only been given an "in the future" release date thus far.
post #31 of 33
Quote:
Originally Posted by NonVendorFan View Post

SNIP!

I really don't understand why Apple has to rush out it's software updates, clearly unprepared and refined. This causes different problems and while it solves other OS problems, new ones surface and another update has to be rushed. I would rather want a slower released update which assures me no problems rather than a rushed, messed up one like 3.1. That's why my 3GS is still on 3.0. i'll wait for another 1 more month for them to sort out the kinks before I upgrade.
post #32 of 33
Last night I went to tether my MacBook to my iPhone 3G as I occasionally have done since the OS 3.0 update and got an error.

The tethering settings have gone, they are no longer there.

This is using my iPhone on it's original contract with my network (Vodafone Australia) who allow it.

A warning would have been nice, now my iPhone doesn't work as advertised on the Apple site.

My phone network directs me to an Apple troubleshooting page which doesn't work because THE SETTINGS in the instructions complete with screeshots AREN'T THERE.

It's like a warped version of the Monty Python Dead Parrot sketch.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #33 of 33
Quote:
Originally Posted by Gazoobee View Post

In a general sense, I think we have more of this sort of thing to look forward to. The iPhone 3G, not unexpectedly, is rapidly becoming the unwanted child in the iPhone family for a lot of reasons, even though they are still selling it.

The 3.0 software was a major leap forward, but on the regular 3G it introduced pauses and slow-downs of the interface for the first time. With the 3.1 update, many 3Gs are crashing and crashing hard. Mine turned into a brick 3 times yesterday and had to be hard re-set each time, it also lost some data in the process.

With each update the 3G gets clunkier and slower, while the 3Gs soars. I'd be surprised if they are still selling them by next summer except to the poor and downtrodden masses in the 3rd world or the US south.

I was left with some apprehension after reading this comment, as clearly the 3.0 Update had severily affected my 3G's general performance (namely the interface smoothness). I've been waiting patiently for the 3.1 Update to see if things would go back to normal or if the 3G was indeed being quietly pushed aside by (deliberately introduced?) performance issues.

Well, yesterday I finally had the opportunity to make the upgrade and I am quite pleased (and relieved) to see things return to smooth territory. No more lag or jerkiness. It feels great once again and I'm no longer wondering if I should upgrade to a 3GS.

Seriously, the best thing about 3.1 is the one thing they haven't mentioned (and the only one I really cared about): general performance improvements.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Apple plugs loopholes with security updates in iPhone OS 3.1