Apple plugs loopholes with security updates in iPhone OS 3.1

Posted:
in iPhone edited January 2014
Through security fixes, Apple's latest update to the iPhone operating system has reportedly disabled unintended "features" that some handset users were able to access with the prior version.



According to The Unofficial Apple Weblog, the iPhone and iPod touch upgrade released this week now enforces server-side encryption of Microsoft Exchange, which disables access for all non-iPhone 3GS devices. That means that older iPhones and the iPod touch, which do not have encryption support, cannot access Exchange services.



"While many are reacting to this issue as though it's a bug, and are reporting it as such, the reality is that the Exchange encryption requirement is a feature and the fact that it was not being correctly enforced was actually a security hole," the report states. "IT administrators with Exchange 2007 SP1 servers and iPhone clients are probably going to be fielding an above-average level of incoming questions, but at least they can rest easy knowing that Exchange encryption is now working correctly. Cold comfort for their users, though."



With the operating system upgrade, affected users will see the notice "Policy Requirement - The account... requires encryption which is not supported on this iPhone/iPod." For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access.



While the iPhone 2.0 software brought business-class e-mail access via Microsoft Exchange ActiveSync right out of the box with the iPhone 3G, Exchange encryption was not supported until the iPhone 3GS debuted.



In another change with the latest iPhone upgrade, a simple tethering hack that worked in version 3.0 was disabled. Previously, users were able to enable the feature in the iPhone's software by flashing the firmware.



According to CNet, the 3.1 update has removed the tethering option under the device's Network settings. However, some have reported, with various versions of the AT&T carrier file, that the hack is still operating.



While AT&T is set to enable multimedia messaging on the iPhone 3G and iPhone 3GS on Sept. 25, official tethering between the handset and a computer has only been given an "in the future" release date thus far.
«1

Comments

  • Reply 1 of 32
    Great! This is better!
  • Reply 2 of 32
    al_bundyal_bundy Posts: 1,525member
    i read about this on Macrumors yesterday



    a lot of people are now going to be whining to their IT departments. And supposedly this bug was serious enough that Apple mentioned on it's latest conference call that a fix was coming. Apparently a lot of IT departments were waiting on this before deploying or allowing iphones
  • Reply 3 of 32
    john.bjohn.b Posts: 2,742member
    I'm not giving up unofficial tethering until AT&T gives me an official version. If that means staying on 3.0.1 for the time being, so be it.
  • Reply 4 of 32
    al_bundyal_bundy Posts: 1,525member
  • Reply 5 of 32
    Quote:
    Originally Posted by John.B View Post


    I'm not giving up unofficial tethering until AT&T gives me an official version. If that means staying on 3.0.1 for the time being, so be it.



    John B,

    How does unofficial tethering works? Also, how do I run Skype and other VoIP programs like Fring over 3G?



    TIA
  • Reply 6 of 32
    Quote:
    Originally Posted by al_bundy View Post


    http://www.wired.com/gadgetlab/2009/...ne-encryption/



    for anyone interested



    I heard that the encryption workaround was also fixed in 3.1, although I have not had anybody knowledgeable confirm this as fact.
  • Reply 7 of 32
    teckstudteckstud Posts: 6,476member
    Not affected. Waiting for thread regarding other changes which affect the majority of users such as video trim and MMS.
  • Reply 8 of 32
    al_bundyal_bundy Posts: 1,525member
    Quote:
    Originally Posted by Gee4orce View Post


    I heard that the encryption workaround was also fixed in 3.1, although I have not had anybody knowledgeable confirm this as fact.



    only if you are connecting to Exchange 2007. I don't think Exchange 2003 has the option to enforce encryption on the mobile device. With 2007 it sounds like it will encrypt the entire file system
  • Reply 9 of 32
    When you delete a mail message from your iPhone, it will no longer show up when you do a spotlight search as it did before. Thank you Apple.
  • Reply 10 of 32
    gazoobeegazoobee Posts: 3,754member
    Quote:
    Originally Posted by AppleInsider View Post


    ... For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access ...



    In a general sense, I think we have more of this sort of thing to look forward to. The iPhone 3G, not unexpectedly, is rapidly becoming the unwanted child in the iPhone family for a lot of reasons, even though they are still selling it.



    The 3.0 software was a major leap forward, but on the regular 3G it introduced pauses and slow-downs of the interface for the first time. With the 3.1 update, many 3Gs are crashing and crashing hard. Mine turned into a brick 3 times yesterday and had to be hard re-set each time, it also lost some data in the process.



    With each update the 3G gets clunkier and slower, while the 3Gs soars. I'd be surprised if they are still selling them by next summer except to the poor and downtrodden masses in the 3rd world or the US south.
  • Reply 11 of 32
    al_bundyal_bundy Posts: 1,525member
    the 3GS has hardware encryption to make it attractive to corporations who need security. Maybe OS 3 does encryption on the 3G as well but it's only software encryption which makes it slower?



    Once Exchange 2010 is released later this year or early next year expect iphone OS 4 to take advantage of the new features and if you connect your iphone to a corporate email server then the IT people will have more control over it. that's what customers want
  • Reply 12 of 32
    Quote:
    Originally Posted by grover432 View Post


    When you delete a mail message from your iPhone, it will no longer show up when you do a spotlight search as it did before. Thank you Apple.



    Now that is major- all that porn spam I get.

    Yes, thank you Apple.
  • Reply 13 of 32
    Quote:

    the iPhone and iPod touch upgrade released this week now enforces server-side encryption of Microsoft Exchange



    Sort of. It's client-side, rather than server side - it now takes notice when Exchange asks the mail client to encrypt the mail, and tells you to get lost if the hardware's not up to it.



    Quote:

    which disables access for all non-iPhone 3GS devices



    Only for Exchange servers that can enforce encryption, which is only 2007 onwards, and only if you turn it on. Earlier iPhones/iPod Touches with 3.1 will still work if it's not Exchange 2007 or the enforced encryption is turned off.



    This isn't talking about the SSL encryption on the comms between the client and the server BTW, it's only concerned with encrypting the mail when it's stored on the client.



    Quote:

    For now, the only workaround is to upgrade to the iPhone 3GS or disable server-side encryption to allow access.



    Or don't upgrade to OS 3.1, or downgrade back to 3.0 if you've already put it on, provided you're not concerned about your mail not being encrypted locally.



    Alan.
  • Reply 14 of 32
    there have been many improvements in bluetooth. I can now press & hold my bluetooth headset button, to activate voice recognition, and it all is piped through the headset, with outstanding recognition accuracy. Some of the other features of the headset now work fully.

    perhaps it should of been done for some time, but I am grateful its been done, and done well
  • Reply 15 of 32
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Right_said_fred View Post


    there have been many improvements in bluetooth. I can now press & hold my bluetooth headset button, to activate voice recognition, and it all is piped through the headset, with outstanding recognition accuracy. Some of the other features of the headset now work fully.

    perhaps it should of been done for some time, but I am grateful its been done, and done well



    I think they have done some voice recognition improvements with 3.1. I had about a 50/50 fail ratio previously but now it recognizes my words much better. I noticed this particularly in distinguishing between two friends names that sound quite similar. It works every time now.
  • Reply 16 of 32
    Quote:
    Originally Posted by Gazoobee View Post


    In a general sense, I think we have more of this sort of thing to look forward to. The iPhone 3G, not unexpectedly, is rapidly becoming the unwanted child in the iPhone family for a lot of reasons, even though they are still selling it.



    The 3.0 software was a major leap forward, but on the regular 3G it introduced pauses and slow-downs of the interface for the first time. With the 3.1 update, many 3Gs are crashing and crashing hard. Mine turned into a brick 3 times yesterday and had to be hard re-set each time, it also lost some data in the process.



    With each update the 3G gets clunkier and slower, while the 3Gs soars. I'd be surprised if they are still selling them by next summer except to the poor and downtrodden masses in the 3rd world or the US south.





    I agree. I have a 2ng gen iPod Touch, and it seems to have a lot more bugs and weird actions.

    Additionally, am I the only one who got iPhone OS 3.1.1 when they upgraded as opposed to OS 3.1? It has a lot of bugs and am wondering if I accidentally got seeded a beta.
  • Reply 17 of 32
    teckstudteckstud Posts: 6,476member
    Quote:
    Originally Posted by Right_said_fred View Post


    there have been many improvements in bluetooth. I can now press & hold my bluetooth headset button, to activate voice recognition, and it all is piped through the headset, with outstanding recognition accuracy. Some of the other features of the headset now work fully.

    perhaps it should of been done for some time, but I am grateful its been done, and done well



    Bluetooth worked fine for me before and I have a stereo set with call recognition.
  • Reply 18 of 32
    teckstudteckstud Posts: 6,476member
    Why are Touch owners who upgraded to 3.0 from 2 in June @ $10 getting ripped off when you can now go to 3.1 from 2 for $5? Is Apple going to give me back $5? Of what basis is this downgrading the cost of their software? Was it overpriced to begin with for $10? That's barely 2 1/2 months old!
  • Reply 19 of 32
    I would settle for Apple to start implementing the BT Standard as everyone else is doing so that my stereo BT Headset could skip forward or backwards. Why is it so hard for Apple to do the right thing when this has been standard on most mobiles for years (yes years)?
  • Reply 20 of 32
    john.bjohn.b Posts: 2,742member
    Quote:
    Originally Posted by AjitMD View Post


    John B,

    How does unofficial tethering works? Also, how do I run Skype and other VoIP programs like Fring over 3G?



    I'm using the benm.at profile and iPhone OS 3.0.1, which gives me tethering over the iPhone via both BlueTooth and the stock iPod 30-pin-to-USB cable. Until I get an official solution from AT&T, I need a backup and this will have to be it.



    If you've upgraded to iPhone OS 3.1.1 while updating to iTunes 9, then the unofficial tethering profile from benm.at, etc. will NOT work. I'm told there is no going back to 3.0.1 once you've upgraded your iPhone to 3.1.1 (by design).



    FWIW, I haven't personally run VoIP programs over mine, but understand that you would be fairly bandwidth constrained.
Sign In or Register to comment.