Feeds

back to article Apple security update leaves iPhone 3G users unprotected

Apple is leaving some of its older mobile devices unprotected with its latest patch batch. An iOS 4.3 update, which includes a number of critical security fixes, is incompatible with the still widely used iPhone 3G and older versions of the iPod Touch. The latest version of Apple's mobile software can only be applied on the …

COMMENTS

This topic is closed for new posts.

Page:

Alien

thank goodness

that i only use/used opera on my symbian, android and iphone devices? it's an acquired taste but i like having the same browser on all devices.

2
2
Anonymous Coward

pointless title is pointless

USE OPERA IT'S GREAT!!!!!!!!!11

We know of it, we don't care about it and we really wish Opera users would shut up about it.

4
0
Anonymous Coward

The title is required, and must contain letters and/or digits.

"Apple should still produce patches, otherwise security conscious people would have to upgrade."

Ummm... Isn't this the idea? Apple - the same Apple that wants 30% from all subscription revenue for content viewed on their iThingies - is hardly likely to go out of their way to not encourage people to spend more money on new gear...

4
0
Jobs Horns

@ the 3G owners out there..

Just stump-up for a new iPhone. Not that big of a deal.

Steve

Sent from my (company) iPhone

13
0

The title is required, and must contain letters and/or digits.

"Apple should still produce patches, otherwise security conscious people would have to upgrade."

I'm sure Apple is real broken up over the idea that security conscious people would have to upgrade.

4
0

No support for a 2.5 year old device?

<sarcasm>Why no iOS 4.3 for my iPhone 2g eh, that's what I want to know!</sarcasm>.

Seriously though, I'm actually curious to know peoples opinion on what time span of official support you should expect for a non-shipping device? I'm not condoning apple here because I fell into this trap when I stopped getting iOS updates for my 2g iPhone - I'm just curious to know what people think the cutoff should be, because you can't support everything indefinitely. Although MS seem to be doing a very good job with XP ;-)

As a similarity, the T-Mobile G1 was released a few months after the iPhone 3G (I think?!?!?) and at what point did official firmware updates stop coming for that? This is where Android > iOS in that the dev community has taken over and I think you can get hacked ROM's of gingerbread for it - not sure on performance but I understand it works?!?!

It's fairly obvious that Apple are never going to let iOS loose for the dev's to hack around with a'la Android, but it'd be nice to see some sort of official "we will provide OS updates for X years" when you purchase a device. When did Apple stop 'shipping' the 3G btw? Launch of the iPhone 4 - I can't remember now!

1
7
Thumb Down

@SAP Bod

"Seriously though, I'm actually curious to know peoples opinion on what time span of official support you should expect for a non-shipping device? I'm not condoning apple here because I fell into this trap when I stopped getting iOS updates for my 2g iPhone"

I'd expect any software update that COULD work on my device if it wasn't arbitrarily locked out for commercial reasons to be available.

If there was something in iOS 4.3 that could not work on 3G iPhones for technical reasons then that's fair enough, but I suspect that they are just excluded for no other reason than to encourage those people - who probably still have perfectly functioning phones - to upgrade.

2
0
Jobs Horns

Life of the contract?

I'd say about 24 months is reasonable, or the length of the contract you took out for the phone. After that you'll probably be looking at a new phone anyway.

2
5

'Works'?

That depends on your definition of 'works'. The perceived wisdom is that iOS 4.x never worked on the 3G at all.

0
1
FAIL

@SAP Bod

At least for as long as I have my contract on that phone. If my iPhone (yes I know, we all do big mistakes...this was my) was 3 years, I would expect to be supported for at least 3 years from the time I made the purchase.

1
0
Anonymous Coward

The title is required, and must contain letters and/or digits.

"I'm just curious to know what people think the cutoff should be, because you can't support everything indefinitely. Although MS seem to be doing a very good job with XP ;-)"

If it's a critical security fix, I think it should be supported indefinitely. To put it into perspective, motor manufacturers have to support recalls indefinitely.

2
0
Silver badge

Other manufacturers

I bought my Samsung Galaxy S in November 2010, and they stopped doing updates for it in December when the the Nexus S came out. You can still get the Galaxy S in Carphone Warehouse now and elsewhere now.

0
1

wtf?

Except that Samsung have alread said they will release Gingerbread for it - you just gotta be patient.

1
0
Silver badge

@SAP Bod

>what time span of official support you should expect for a non-shipping device?

In my view, length of warranty +one year. EU rules imply a 2-year warranty so that would probably be 3 years.

But I also favour a £10 per year subscription solution for up to 5 years.

That said, people often pass ex-contract phones onto relatives. If some vulnerability were being exploited that might lead to fraud or loss of money I would expect it either be fixed or a warning issued to stop using the devices, up to (something like) 6 years. Out of simple decency.

0
0
Gold badge

Fairly common

That's pretty common in the phone industry. Largely because the phone manufacturer doesn't get a single penny of payment for the OS, often they have to pay out to get the OS or licence something (think Google Marketplace).

The real issue here is why the built in applications have to be built in? why can't the browser be upgraded separately to the rest of the firmware?

Okay, that carries a risk of rogue applications replacing the default ones and stealing information, but I'm sure that can be protected against.

0
0

Re: @SAP Bod

"I'd expect any software update that COULD work on my device if it wasn't arbitrarily locked out for commercial reasons to be available."

The problem is that whilst this is great for the consumer, it's not an economically viable business model.

There are significant costs associated with developing, testing, releasing and maintaining code for older devices which - because they are still getting updates - will cannibalise your current hardware sales.

In addition, there is nothing wrong with encouraging people to upgrade after a certain (reasonable) timeframe and I think that 2.5 years is pretty reasonable when you consider the length of contracts and that only a couple of years ago we got the software that came with the phone and it never received any updates to fix bugs it its entire life - let alone new functionality.

Just so long as all the features you have on your current phone continue to work when it is discontinued then I don't really see the issue. You bought the phone for the functionality it had 2.5 years ago and now you still have that functionality plus a bit more you got for free.

It's not like you've lost out.

0
0

This post has been deleted by a moderator

Jobs Halo

Processor

Erm that'd be that the 4.3 is built to take advantage ARM7 processors and the 2G and 3G both used ARM6... so in actual fact, not it's not just arbitrarily locked out, there is actually a hardware reason.

0
0
Silver badge

Re: wft

Samsung India said at one point that they would release Gingerbeard[sic] and then withdrew the statement. I think that means they won't.

0
0
Anonymous Coward

Gingerbread

A beta of the official Galaxy S Gingerbread ROM has already leaked and people are using it on their phones. It's expected that it will be released for the European version of the Galaxy S in the next couple of weeks. You will get it (unless you're in the US and then there's no guarantee the carriers will pass it on).

0
0

Which world do you live in?

"Companies should have a legal responsibility to provide security updates for at least 5 years, this would encourage them to make sure their devices aren't so riddled with security flaws like the iPhone and Windows is in the first place."

No they wouldn't, they'd just pass the long-term support costs onto the consumer, just like they do now when legally obliged to do anything (e.g. WEEE directive).

I'm not sure why Apple are being singled out here, Nokia only tend to produce firmware for phones for about 18 months from launch (even though the handset may still be on sale), HTC for about six months from launch (no, the community porting the latest version of Android is not the same thing) and Sony just seem to make it up by handset.

Arguments about it matching the length of contract are silly if you think about it - the warranty on your sofa from DFS doesn't last four years just because you take out four year financing.

That said, I do think there is an argument in favour of security updates being made available for at least the length of the warranty, so that if you buy a phone at the end of it's life you can at least expect some level of support. And, of course, if you take out an extended warranty then that would need to be included in the coverage.

Again, I can't see any manufacturer that does this properly apart from maybe Google's Nexus series but it may be a little early in the life cycle to judge properly as it's only 14 months old and Gingerbread is not yet officially available.

0
0
Anonymous Coward

iPhone 3G?

Forget that, I'm still waiting for my Hayes modem to be patched for that way worse bug +++ ATH0, oh sh

1
0
Thumb Down

iPhone 2g...

Yep, I'm still using an iPhone 2g. It makes calls and accesses data, and does what I want. Apple really should be kicked quite hard for dropping support for devices quite so quickly...

8
1

It's all context

Pretty much all mobile phone manufacturers have traditionally stopped support for handsets not long after the things have disappeared off the shop shelf. Apple had the choice of acting like a PC manufacturer (support for 5 years after launch kind of deal) or acting like a handset maker ('Fix? The fix is to buy a new one.'). In the end they seem to have chosen a middle ground. The bare fact is you can't please all of the people all of the time - a subset of people will always want 'support' for any product long after it's economically viable to provide it.

I think two years after a device has been superseded is pretty much as long as you're going to get in the real world. The fact Android hackers can take over patches doesn't mean the G1 is being 'supported', because it plainly isn't. You can still get people who will help you fix a ZX spectrum, after all.

2
1

LIES

This is just negative propaganda, everyone knows that all Apple devices are magical and never have any problems nor virii. It's impossible. Buy anything Apple and your life is transported to a realm of blissful happiness. Just don't have any illusions about buys media from the nasty "outside".

1
4
Gold badge

Apple is different

If you can name me another phone manufacturer who has provided two *major* updates to their customers for free then I'll accept that Apple aren't different. But I'm guessing you won't find one.

iPhone 2G - 1.0 to 3.0

iPhone 3G - 2.0 to 4.0

iPhone 3GS - 3.0 to 5.0?

iPhone 4 - 4.0 to 6.0?

Every smartphone I have owned has only given me about 2 minor firmware updates.

0
0

Split out Safari from iOS?

Could Apple split out Safari from iOS and treat it as an 'App' in the app-store or is it too entrenched within the core iOS? Splitting it out would mean Apple could patch vulnerabilities more easily and keep the core iOS updates for major functionality changes / enhancements in-line with the hardware revisions?

0
0
Anonymous Coward

Original iPhone & iPhone 3G EOL

Yes, this is a good point. I have two relatives using hand-me-down iPhones that are end-of-life. Of course, the bulk of the iOS v4.3 update is unusable on older iPhones, Apple should clearly be putting out security updates.

While people here can argue about supporting devices indefinitely, it should be noted that Apple invented adding new features for free, WAY AFTER purchase...or EVER. How many phones got updated after buying it...before an iPhone. Oh. NONE.

In the meantime, just use Opera on your iOS device. It really is rocket-fast & easy to use. (The new Opera Mini 6, for iPhone & iPad will be even better with smooth zooming & Retina Display support.)

(For the few javascript-heavy sites you view, just use the insecure Mobile Safari, but be careful.) ;)

FYI: iPhone released June 2007, EOL Feb 2010 w/ IOS v3.2 unsupported...34 months

iPhone 3G released June 2008, EOL today w/ iOS v4.3...33 months.

http://en.wikipedia.org/wiki/IPhone_OS_version_history

2
5

Check your math

Buyers could have purchased the 3G until June 2009, or 21 months ago. They would still be under contract to use a phone with known security flaws.

2
0
Bronze badge
FAIL

Apple invented the mouse too... right?

I used to get system updates on my Nokia 6110 waaaaay back in 2000 over the AT&T network..... try again fanboi.

1
0
Gold badge

LOL

But were they major updates? I doubt it. Nokia 6110 was too limited, unless a patch to the Snake game counts for something?

I think you're confusing software upgrades with carrier upgrades? carrier upgrades are just updates to configuration.

0
0
TWB

These vulnerabilities?....

...I read about them but I do not read about them being exploited.

I mean it seriously - am I not reading the right stuff of are hackers getting lazy, bored etc? - is it now not worth the effort to exploit a careless user i.e. there is no money (or glory) in it?

0
0
Flame

not happy

having brought a new I pod 8Gb only 6-7 months ago I am not happy that it is no longer being supported. There was never a 3rd Gen 8Gb version so now after a few months of ownership my device is no longer supported?????

3
0
Unhappy

Is it actually available now?

I read the original article yesterday, went home but iTunes told me there were no updates available.

Maybe I didn't read the article closley enough, is the latest version supposed to be available right now in the UK?

0
0
Thumb Down

Yep it's available in the uk

I updated yesterday, it feels a bit nippier generally than the last, but then that slowed mine right down.

As for the personal hotspot, I have the option, but O2 won't let me use it without paying them an extotionare extra monthly fee to allow another device to use my limited amount of data

0
0

title

This is one of the few areas where I think Apple could learn a bit from Microsoft.

Microsoft's Support Lifecycle policy (http://support.microsoft.com/lifecycle/) means as soon as a product hits, we know how long it's going to be around and will be supported for, and can plan accordingly.

It includes dates that it will stop being sold, dates that feature requests and bespoke patches will stop, and, most importantly, the date that critical security updates will stop, all laid out up to 7 years ahead of time.

You may grumble that it's not a long enough timeframe, but at least you can't say you weren't warned beforehand, and knew how long it was before you product would remain unpatched before purchase if you cared to look.

Take the Apple XServe issue: From a current, shipping product to discontinued in a little under 4 months, with spares only guaranteed until the end of your current Applecare Agreement. Just reading the apple forums, it threw a major and unexpected spanner into some customers lives: http://discussions.apple.com/thread.jspa?threadID=2638103&tstart=1

Apple likes playing things close to their chest, which obviously works well for them, but if they took on-board some of lessons Microsoft learned through it's trustworthy computing initiative - consistent security bulletin procedures, defined disclosure procedures, and well publicised roadmaps and lifecycles - think how much more confidence SMB and enterprise IT would have in putting Apple product front and centre of their long term planning - something many are reluctant to do for these kind of issues.

2
0
Anonymous Coward

I don't see it

I don't see any Microsoft "lifecycle policy" for anything newer than Windows Phone 5.0.

Where the policy for 6.5? Where's the one for Windows Phone 7?

I think one lesson here is don't apply the same rules to phones and desktop machines. They're very different things.

The other lesson is never buy dedicated servers from companies you know are selling too few to make it profitable and expect long term service. This goes for Apple and many other companies.

I don't see any other problem. SMBs, especially, should have no problem installing Mac desktops and notebooks. Just don't expect to follow the same script as with Windows.

0
0
Anonymous Coward

Join the crowd

Purchased my Apple Newton MessagePad 2100 and after a mere 15 years I find it's no longer supported! I waited and waited but since there was never another version with PCMCIA cards I wouldn't upgrade.

We didn't even get Safari, let alone an updated version. With a whole 4Mb of RAM they should be able to stick it in no problem. Shocking!

But now, really, the problem with the 3G is it only had 128MB RAM. Not enough for the new Safari which comes with super fast Javascript interpreter. So don't get your hopes up, I'm sorry to say.

0
2
Anonymous Coward

Err...

Macos x 10.4 out of support after, what 5 or 6 years?

Win XP still supported after 10.

1
2
Anonymous Coward

Come on..

Everyone knows XP was only really supported that long because no one moved to Vista and businesses would have carved a crater in Microsoft should they have dropped it.

On the other hand OSX 10.5 worked fine.

Don't make yourself look dumb.

2
2
Silver badge

PKB

XP support was extended for an additional three to five years due to low take-up of Vista, but that still means it was supported for ten to twelve years after launch instead of seven years. In contrast, the iPhone 3G was released in July 2008 and is no longer being supported 32 months later.

Hardware is not software, though. I would expect hardware to be supported through its realistic expected lifespan - and so long as my device has the capacity to use the current round of software upgrades, I would expect to be allowed to do so. If Apple are ready to admit that the expected lifespan of its flagship product is less than three years, then you would have to be a moron to buy it.

3
0
FAIL

Re: Err...

That's very nice, but you're talking about computer operating systems and we're talking about mobile operating systems.

Different products, different eco-systems, different sales strategies, different purchasing models, different support models...

1
3
Jobs Horns

otherwise security conscious people would have to upgrade

And this is Apples problem how exactly?

0
1
Linux

Oh the Humanity!!

Oh the iOS frag-mun-tay-shun!

2
1
FAIL

No assurance in untested products.

A product that is not tested such as:

o All linux platforms as their overall market share is considered so minuscule its not worth testing in the minds of some.

o Opera and other browsers

o Any other platform not in the various competitions and security evaluation / researcher programs.

From a risk management point of view, not being testes is *NOT* something to be proud of as this represents a risk in itself. Being tested and failed gives more assurance as to what was tested, what succeeded in being reduced or mitigated and what failed to be reduced or mitigated.

I see untested products as more dangerous than tested as they are no longer in the security life cycle management process with the same level of scrutiny and transparency.

0
1
Silver badge

6 years

Be interesting to test this, but UK law says that consumers are entitled to a partial refund or full repair if a fault appears. After the first 6 months of ownership, the burdon to show that it's a fault that's existed since the start falls to the consumer, however it should be fairly easy to prove.

1
0
Anonymous Coward

Interesting...

Ahah would be extremely funny to apply that to software, computers, digital cameras, etc.

Having said that it would ruin the IT industry, or you'd start paying at least double on everything going into the UK market.

0
0
Silver badge
WTF?

Bingo! "otherwise security conscious people would have to upgrade."

That's the Jobs way, the annual upgrade cash flow program where prior models are rendered redundant or obsolescent so the dedicated iPhan can renew their pledges and enrich Apple yet again.

Whatever Apple does has money and inaccessibility (except through an Apple accessory) in mind, which is why they protect their not-so-wonderful connectors, etc. from after market developers.

2
0
Anonymous Coward

Less than 24 months

The iPhone 3G could be purchased as recently as June 2009. Buyers would still be under contract!!

1
0

Re: Less than 24 months

So? Since when have Apple (or any phone manufacturer for that matter) been responsible for a contractual agreement between a customer and their network operator?

Or to put it another way ... if I (stupidly) enter into a 10 year phone contract with Vodafone to get a free 64GB iPhone 4, why should Apple have to support it for 10 years? The contract has nothing to do with them.

0
2

Page:

This topic is closed for new posts.