Apple security update leaves iPhone 3G users unprotected

Apple is leaving some of its older mobile devices unprotected with its latest patch batch. An iOS 4.3 update, which includes a number of critical security fixes, is incompatible with the still widely used iPhone 3G and older versions of the iPod Touch. The latest version of Apple's mobile software can only be applied on the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    The title is required, and must contain letters and/or digits.

    "Apple should still produce patches, otherwise security conscious people would have to upgrade."

    Ummm... Isn't this the idea? Apple - the same Apple that wants 30% from all subscription revenue for content viewed on their iThingies - is hardly likely to go out of their way to not encourage people to spend more money on new gear...

  2. Anonymous Coward
    Jobs Horns

    @ the 3G owners out there..

    Just stump-up for a new iPhone. Not that big of a deal.

    Steve

    Sent from my (company) iPhone

  3. moylan
    Alien

    thank goodness

    that i only use/used opera on my symbian, android and iphone devices? it's an acquired taste but i like having the same browser on all devices.

    1. Anonymous Coward
      Anonymous Coward

      pointless title is pointless

      USE OPERA IT'S GREAT!!!!!!!!!11

      We know of it, we don't care about it and we really wish Opera users would shut up about it.

  4. R.E.H.

    The title is required, and must contain letters and/or digits.

    "Apple should still produce patches, otherwise security conscious people would have to upgrade."

    I'm sure Apple is real broken up over the idea that security conscious people would have to upgrade.

  5. Anonymous Coward
    Anonymous Coward

    iPhone 3G?

    Forget that, I'm still waiting for my Hayes modem to be patched for that way worse bug +++ ATH0, oh sh

  6. SAP Bod

    No support for a 2.5 year old device?

    <sarcasm>Why no iOS 4.3 for my iPhone 2g eh, that's what I want to know!</sarcasm>.

    Seriously though, I'm actually curious to know people's opinion on what time span of official support you should expect for a non-shipping device? I'm not condoning apple here because I fell into this trap when I stopped getting iOS updates for my 2g iPhone - I'm just curious to know what people think the cutoff should be, because you can't support everything indefinitely. Although MS seem to be doing a very good job with XP ;-)

    As a similarity, the T-Mobile G1 was released a few months after the iPhone 3G (I think?!?!?) and at what point did official firmware updates stop coming for that? This is where Android > iOS in that the dev community has taken over and I think you can get hacked ROM's of gingerbread for it - not sure on performance but I understand it works?!?!

    It's fairly obvious that Apple are never going to let iOS loose for the dev's to hack around with a'la Android, but it'd be nice to see some sort of official "we will provide OS updates for X years" when you purchase a device. When did Apple stop 'shipping' the 3G btw? Launch of the iPhone 4 - I can't remember now!

    1. Darren Coleman
      Thumb Down

      @SAP Bod

      "Seriously though, I'm actually curious to know people's opinion on what time span of official support you should expect for a non-shipping device? I'm not condoning apple here because I fell into this trap when I stopped getting iOS updates for my 2g iPhone"

      I'd expect any software update that COULD work on my device if it wasn't arbitrarily locked out for commercial reasons to be available.

      If there was something in iOS 4.3 that could not work on 3G iPhones for technical reasons then that's fair enough, but I suspect that they are just excluded for no other reason than to encourage those people - who probably still have perfectly functioning phones - to upgrade.

      1. Campbeltonian

        'Works'?

        That depends on your definition of 'works'. The perceived wisdom is that iOS 4.x never worked on the 3G at all.

      2. Silver

        Re: @SAP Bod

        "I'd expect any software update that COULD work on my device if it wasn't arbitrarily locked out for commercial reasons to be available."

        The problem is that whilst this is great for the consumer, it's not an economically viable business model.

        There are significant costs associated with developing, testing, releasing and maintaining code for older devices which - because they are still getting updates - will cannibalise your current hardware sales.

        In addition, there is nothing wrong with encouraging people to upgrade after a certain (reasonable) timeframe and I think that 2.5 years is pretty reasonable when you consider the length of contracts and that only a couple of years ago we got the software that came with the phone and it never received any updates to fix bugs in its entire life - let alone new functionality.

        Just so long as all the features you have on your current phone continue to work when it is discontinued then I don't really see the issue. You bought the phone for the functionality it had 2.5 years ago and now you still have that functionality plus a bit more you got for free.

        It's not like you've lost out.

      3. Richard 118
        Jobs Halo

        Processor

        Erm that'd be that the 4.3 is built to take advantage of ARM7 processors and the 2G and 3G both used ARM6... so in actual fact, no it's not just arbitrarily locked out, there is actually a hardware reason.

    2. dotdavid
      Jobs Horns

      Life of the contract?

      I'd say about 24 months is reasonable, or the length of the contract you took out for the phone. After that you'll probably be looking at a new phone anyway.

    3. Anonymous Coward
      Anonymous Coward

      The title is required, and must contain letters and/or digits.

      "I'm just curious to know what people think the cutoff should be, because you can't support everything indefinitely. Although MS seem to be doing a very good job with XP ;-)"

      If it's a critical security fix, I think it should be supported indefinitely. To put it into perspective, motor manufacturers have to support recalls indefinitely.

    4. JarekG
      FAIL

      @SAP Bod

      At least for as long as I have my contract on that phone. If my iPhone (yes I know, we all make big mistakes...this was mine) was 3 years, I would expect to be supported for at least 3 years from the time I made the purchase.

    5. jonathanb Silver badge

      Other manufacturers

      I bought my Samsung Galaxy S in November 2010, and they stopped doing updates for it in December when the Nexus S came out. You can still get the Galaxy S in Carphone Warehouse now and elsewhere now.

      1. .stu

        wtf?

        Except that Samsung have already said they will release Gingerbread for it - you just gotta be patient.

        1. jonathanb Silver badge

          Re: wft

          Samsung India said at one point that they would release Gingerbeard[sic] and then withdrew the statement. I think that means they won't.

          1. Anonymous Coward
            Anonymous Coward

            Gingerbread

            A beta of the official Galaxy S Gingerbread ROM has already leaked and people are using it on their phones. It's expected that it will be released for the European version of the Galaxy S in the next couple of weeks. You will get it (unless you're in the US and then there's no guarantee the carriers will pass it on).

      2. Giles Jones Gold badge

        Fairly common

        That's pretty common in the phone industry. Largely because the phone manufacturer doesn't get a single penny of payment for the OS, often they have to pay out to get the OS or licence something (think Google Marketplace).

        The real issue here is why the built in applications have to be built in? why can't the browser be upgraded separately to the rest of the firmware?

        Okay, that carries a risk of rogue applications replacing the default ones and stealing information, but I'm sure that can be protected against.

    6. Robert E A Harvey

      @SAP Bod

      >what time span of official support you should expect for a non-shipping device?

      In my view, length of warranty +one year. EU rules imply a 2-year warranty so that would probably be 3 years.

      But I also favour a £10 per year subscription solution for up to 5 years.

      That said, people often pass ex-contract phones onto relatives. If some vulnerability were being exploited that might lead to fraud or loss of money I would expect it either be fixed or a warning issued to stop using the devices, up to (something like) 6 years. Out of simple decency.

  7. Nick L
    Thumb Down

    iPhone 2g...

    Yep, I'm still using an iPhone 2g. It makes calls and accesses data, and does what I want. Apple really should be kicked quite hard for dropping support for devices quite so quickly...

  8. Jonathan White

    It's all context

    Pretty much all mobile phone manufacturers have traditionally stopped support for handsets not long after the things have disappeared off the shop shelf. Apple had the choice of acting like a PC manufacturer (support for 5 years after launch kind of deal) or acting like a handset maker ('Fix? The fix is to buy a new one.'). In the end they seem to have chosen a middle ground. The bare fact is you can't please all of the people all of the time - a subset of people will always want 'support' for any product long after it's economically viable to provide it.

    I think two years after a device has been superseded is pretty much as long as you're going to get in the real world. The fact Android hackers can take over patches doesn't mean the G1 is being 'supported', because it plainly isn't. You can still get people who will help you fix a ZX spectrum, after all.

  9. Anonymous Coward
    Anonymous Coward

    Original iPhone & iPhone 3G EOL

    Yes, this is a good point. I have two relatives using hand-me-down iPhones that are end-of-life. Of course, the bulk of the iOS v4.3 update is unusable on older iPhones, Apple should clearly be putting out security updates.

    While people here can argue about supporting devices indefinitely, it should be noted that Apple invented adding new features for free, WAY AFTER purchase...or EVER. How many phones got updated after buying it...before an iPhone. Oh. NONE.

    In the meantime, just use Opera on your iOS device. It really is rocket-fast & easy to use. (The new Opera Mini 6, for iPhone & iPad will be even better with smooth zooming & Retina Display support.)

    (For the few javascript-heavy sites you view, just use the insecure Mobile Safari, but be careful.) ;)

    FYI: iPhone released June 2007, EOL Feb 2010 w/ IOS v3.2 unsupported...34 months

    iPhone 3G released June 2008, EOL today w/ iOS v4.3...33 months.

    http://en.wikipedia.org/wiki/IPhone_OS_version_history

    1. Randy Hudson

      Check your math

      Buyers could have purchased the 3G until June 2009, or 21 months ago. They would still be under contract to use a phone with known security flaws.

    2. Getter lvl70 Druid
      FAIL

      Apple invented the mouse too... right?

      I used to get system updates on my Nokia 6110 waaaaay back in 2000 over the AT&T network..... try again fanboi.

      1. Giles Jones Gold badge

        LOL

        But were they major updates? I doubt it. Nokia 6110 was too limited, unless a patch to the Snake game counts for something?

        I think you're confusing software upgrades with carrier upgrades? carrier upgrades are just updates to configuration.

  10. SAP Bod

    Split out Safari from iOS?

    Could Apple split out Safari from iOS and treat it as an 'App' in the app-store or is it too entrenched within the core iOS? Splitting it out would mean Apple could patch vulnerabilities more easily and keep the core iOS updates for major functionality changes / enhancements in-line with the hardware revisions?

  11. Bear Features

    LIES

    This is just negative propaganda, everyone knows that all Apple devices are magical and never have any problems nor virii. It's impossible. Buy anything Apple and your life is transported to a realm of blissful happiness. Just don't have any illusions about buying media from the nasty "outside".

    1. Giles Jones Gold badge

      Apple is different

      If you can name me another phone manufacturer who has provided two *major* updates to their customers for free then I'll accept that Apple aren't different. But I'm guessing you won't find one.

      iPhone 2G - 1.0 to 3.0

      iPhone 3G - 2.0 to 4.0

      iPhone 3GS - 3.0 to 5.0?

      iPhone 4 - 4.0 to 6.0?

      Every smartphone I have owned has only given me about 2 minor firmware updates.

  12. TWB

    These vulnerabilities?....

    ...I read about them but I do not read about them being exploited.

    I mean it seriously - am I not reading the right stuff or are hackers getting lazy, bored etc? - is it now not worth the effort to exploit a careless user i.e. there is no money (or glory) in it?

  13. the-elf
    Flame

    not happy

    having bought a new iPod 8Gb only 6-7 months ago I am not happy that it is no longer being supported. There was never a 3rd Gen 8Gb version so now after a few months of ownership my device is no longer supported?????

  14. Andy ORourke
    Unhappy

    Is it actually available now?

    I read the original article yesterday, went home but iTunes told me there were no updates available.

    Maybe I didn't read the article closely enough, is the latest version supposed to be available right now in the UK?

    1. Sooty
      Thumb Down

      Yep it's available in the uk

      I updated yesterday, it feels a bit nippier generally than the last, but then that slowed mine right down.

      As for the personal hotspot, I have the option, but O2 won't let me use it without paying them an extortionate extra monthly fee to allow another device to use my limited amount of data

  15. David Austin

    title

    This is one of the few areas where I think Apple could learn a bit from Microsoft.

    Microsoft's Support Lifecycle policy (http://support.microsoft.com/lifecycle/) means as soon as a product hits, we know how long it's going to be around and will be supported for, and can plan accordingly.

    It includes dates that it will stop being sold, dates that feature requests and bespoke patches will stop, and, most importantly, the date that critical security updates will stop, all laid out up to 7 years ahead of time.

    You may grumble that it's not a long enough timeframe, but at least you can't say you weren't warned beforehand, and knew how long it was before your product would remain unpatched before purchase if you cared to look.

    Take the Apple XServe issue: From a current, shipping product to discontinued in a little under 4 months, with spares only guaranteed until the end of your current Applecare Agreement. Just reading the apple forums, it threw a major and unexpected spanner into some customers lives: http://discussions.apple.com/thread.jspa?threadID=2638103&tstart=1

    Apple likes playing things close to their chest, which obviously works well for them, but if they took on-board some of the lessons Microsoft learned through its trustworthy computing initiative - consistent security bulletin procedures, defined disclosure procedures, and well publicised roadmaps and lifecycles - think how much more confidence SMB and enterprise IT would have in putting Apple product front and centre of their long term planning - something many are reluctant to do for these kind of issues.

    1. Anonymous Coward
      Anonymous Coward

      I don't see it

      I don't see any Microsoft "lifecycle policy" for anything newer than Windows Phone 5.0.

      Where's the policy for 6.5? Where's the one for Windows Phone 7?

      I think one lesson here is don't apply the same rules to phones and desktop machines. They're very different things.

      The other lesson is never buy dedicated servers from companies you know are selling too few to make it profitable and expect long term service. This goes for Apple and many other companies.

      I don't see any other problem. SMBs, especially, should have no problem installing Mac desktops and notebooks. Just don't expect to follow the same script as with Windows.

  16. Anonymous Coward
    Anonymous Coward

    Join the crowd

    Purchased my Apple Newton MessagePad 2100 and after a mere 15 years I find it's no longer supported! I waited and waited but since there was never another version with PCMCIA cards I wouldn't upgrade.

    We didn't even get Safari, let alone an updated version. With a whole 4Mb of RAM they should be able to stick it in no problem. Shocking!

    But now, really, the problem with the 3G is it only had 128MB RAM. Not enough for the new Safari which comes with super fast Javascript interpreter. So don't get your hopes up, I'm sorry to say.

    1. Anonymous Coward
      Anonymous Coward

      Err...

      Macos x 10.4 out of support after, what 5 or 6 years?

      Win XP still supported after 10.

      1. Anonymous Coward
        Anonymous Coward

        Come on..

        Everyone knows XP was only really supported that long because no one moved to Vista and businesses would have carved a crater in Microsoft should they have dropped it.

        On the other hand OSX 10.5 worked fine.

        Don't make yourself look dumb.

        1. Jedit Silver badge

          PKB

          XP support was extended for an additional three to five years due to low take-up of Vista, but that still means it was supported for ten to twelve years after launch instead of seven years. In contrast, the iPhone 3G was released in July 2008 and is no longer being supported 32 months later.

          Hardware is not software, though. I would expect hardware to be supported through its realistic expected lifespan - and so long as my device has the capacity to use the current round of software upgrades, I would expect to be allowed to do so. If Apple are ready to admit that the expected lifespan of its flagship product is less than three years, then you would have to be a moron to buy it.

      2. Silver
        FAIL

        Re: Err...

        That's very nice, but you're talking about computer operating systems and we're talking about mobile operating systems.

        Different products, different eco-systems, different sales strategies, different purchasing models, different support models...

  17. Anonymous Coward
    Jobs Horns

    otherwise security conscious people would have to upgrade

    And this is Apple's problem how exactly?

  18. Wrenchy
    Linux

    Oh the Humanity!!

    Oh the iOS frag-mun-tay-shun!

  19. Patrick 8
    FAIL

    No assurance in untested products.

    A product that is not tested such as:

    o All linux platforms as their overall market share is considered so minuscule it's not worth testing in the minds of some.

    o Opera and other browsers

    o Any other platform not in the various competitions and security evaluation / researcher programs.

    From a risk management point of view, not being tested is *NOT* something to be proud of as this represents a risk in itself. Being tested and failed gives more assurance as to what was tested, what succeeded in being reduced or mitigated and what failed to be reduced or mitigated.

    I see untested products as more dangerous than tested as they are no longer in the security life cycle management process with the same level of scrutiny and transparency.

  20. Annihilator

    6 years

    Be interesting to test this, but UK law says that consumers are entitled to a partial refund or full repair if a fault appears. After the first 6 months of ownership, the burden to show that it's a fault that's existed since the start falls to the consumer, however it should be fairly easy to prove.

    1. Anonymous Coward
      Anonymous Coward

      Interesting...

      Ahah would be extremely funny to apply that to software, computers, digital cameras, etc.

      Having said that it would ruin the IT industry, or you'd start paying at least double on everything going into the UK market.

  21. Anonymous Coward
    Anonymous Coward

    Less than 24 months

    The iPhone 3G could be purchased as recently as June 2009. Buyers would still be under contract!!

    1. Silver

      Re: Less than 24 months

      So? Since when have Apple (or any phone manufacturer for that matter) been responsible for a contractual agreement between a customer and their network operator?

      Or to put it another way ... if I (stupidly) enter into a 10 year phone contract with Vodafone to get a free 64GB iPhone 4, why should Apple have to support it for 10 years? The contract has nothing to do with them.

      1. Figgus

        RE: Re: Less than 24 months

        Since a compromised phone could cause network issues (per Verizon, mimicked in the excuse book of other telcos), then Apple should be interested in appeasing the carrier by keeping their devices patched. In your example, Vodafone would doubtless prefer the patching take place and they actually bought the phone from Apple in the first place (so they could give it to you).

        At least, I'd think it would work this way on the West side of the pond because of all the carriers being in bed with the manufacturers...

  22. JaitcH
    WTF?

    Bingo! "otherwise security conscious people would have to upgrade."

    That's the Jobs way, the annual upgrade cash flow program where prior models are rendered redundant or obsolescent so the dedicated iPhan can renew their pledges and enrich Apple yet again.

    Whatever Apple does has money and inaccessibility (except through an Apple accessory) in mind, which is why they protect their not-so-wonderful connectors, etc. from after market developers.

  23. Jellyjazz
    Flame

    Has anyone actually read the article properly?

    "The handful of malware strains to have infected iPhone devices thus far have only infected jailbroken devices."

    Whats the problem? It's in favour of developers who are losing money to the pirating gypo's that can't cough up a few pence for an app.

    Go legit.

    And for people on older handsets, if you're on a contract surely by now you're eligible for a free upgrade. If you bought it outright, tough your fault (2G's were absolute crap anyway), sell it and buy a 3GS+ or a Droid.

    Flame as i'll be down-clicked by pirating gypo's.

  24. sack

    Some people are still locked in to contracts

    I'm not sure what would be the best cutoff date for support, but I'm sure it should allow people to complete their minimum contract terms with their phone providers before their handset goes EOL.

    I'm stuck with this 3G for another year now, apps are starting to not install because they're built against 4.3 (updates fail too, leaving you in limbo unable to install the update, or revert to the last good version you had) and it seems to have picked up bugs over the last upgrades and then been declared EOL without any fixes. The thing does less now than it did when I got it!

    If my minimum contract with orange had passed I wouldn't be so annoyed, but now I'm stuck with this thing for another 12 months.
