iPhone OS 3.1 Blocking Encrypted Microsoft Exchange Connections on Non-3GS Devices

[MacRumors]

TUAW reports that a number of iPhone users who have updated to iPhone OS 3.1 are finding themselves unable to access their Microsoft Exchange accounts due to device incompatibility with Exchange's server-side encryption.

While the iPhone 3GS supports this device-level encryption, other iPhone and iPod touch models do not. Non-3GS devices had been able to access Exchange systems utilizing the encryption option on iPhone OS 3.0, but the ability was apparently an oversight on Apple's part that has been corrected in iPhone OS 3.1.

While many are reacting to this issue as though it's a bug, and are reporting it as such, the reality is that the Exchange encryption requirement is a feature and the fact that it was not being correctly enforced was actually a security hole. IT administrators with Exchange 2007 SP1 servers and iPhone clients are probably going to be fielding an above-average level of incoming questions, but at least they can rest easy knowing that Exchange encryption is now working correctly. Cold comfort for their users, though.

Apple today posted a support document addressing the issue, noting that the only recommend solution at this time is for affected users' system administrators to disable the device encryption option for syncing.

Article Link: iPhone OS 3.1 Blocking Encrypted Microsoft Exchange Connections on Non-3GS Devices

 

[mr.steevo]

Lost functionality is now a feature.

s.

 

[infiniteentropy]

This situation seems odd, especially since it was in place on previous models, though I believe I understand the concern for users and administrators that necessitated this move.

Seems like an effective way to push enterprises to the new 3GS model, though!

 

[Xenu007]

Still unable to import .ics calendar invites

Still unable to import .ics calendar invite email attachments into iCal via iPhone 3.1

 

[alphaod]

That's not a solution.

 

[Small White Car]

Oh boy! Here comes 3.1.1!

EDIT: Although if I'm reading this right, being locked out is how its supposed to work. Well, I guess that IS secure!

 

[phatcat]

Apple's solution is simple. Everyone upgrade to 3GS!

Oh and sorry to all those folks who cannot downgrade back to 3.0. That feature was also disabled.

 

[raptorhigh]

It's probably important to note that this looks like it affects exchange 2007, and not 2003.

 

[killmoms]

They patched a security hole that cannot be fixed on the old hardware due to the lack of encryption hardware.

Commence whining anyway.

 

[alent1234]

supposedly the email on the 3G is not encrypted when it's stored on the phone and that's a big deal for a lot of companies. my wife works in a company regulated by HIPAA and they locked their MS Exchange environment so the only way you can access it on the iphone is via OWA. their blackberries don't have wifi or cameras either, they have secure models

if you have a problem see your IT people. the only people whining are the ones who the IT people don't like anyway

 

[clunker]

telegraph reports updat eproblems

http://www.telegraph.co.uk/technolo...ers-report-problems-with-software-update.html

 

[griz]

Oh boy! Here comes 3.1.1!

EDIT: Although if I'm reading this right, being locked out is how its supposed to work. Well, I guess that IS secure!

Actually updated my touch last night and it is 3.1.1(7C145)

I'm still not understanding why something that worked before is now being removed? Why not allow Encrypted connections on all devices? If they supported it before 3.1 why not leave it in?

Edit: Ok, just reread the statement. I was reading it as the devices supported encryption prior to the 3.1 update and 3.1 removed it. The removal of that encryption caused the server not to sync.

 

[jav6454]

Bad move Apple, you still have lots of 3G customers out there in the corporate world to make this kind of stunt.

Actually updated my touch last night and it is 3.1.1(7C145)

I'm still not understanding why something that worked before is now being removed? Why not allow Encrypted connections on all devices? If they supported it before 3.1 why not leave it in?

3.1.1 is for iPod Touches only. 3.1.0 is for iPhones

 

[Small White Car]

Why not allow Encrypted connections on all devices? If they supported it before 3.1 why not leave it in?

It can't work on the 3G. It's hardware encryption and the 3G and first gen iPhones don't have the hardaware.

It only worked before because they made a mistake...it wasn't actually secure in 3.0! So they fixed it.

So there's nothing Apple can do about this. If you need hardware encryption you need to buy a phone with that hardware. If you don't need that level of encryption, don't turn it on in the servers.

Those are your choices.

Bad move Apple, you still have lots of 3G customers out there in the corporate world to make this kind of stunt.

Please explain what you think they should do.

 

[zachwill]

Apple's getting too damn corporate/greedy.







in b4 fanboys

 

[alawatsakima]

Actually updated my touch last night and it is 3.1.1(7C145)

I'm still not understanding why something that worked before is now being removed? Why not allow Encrypted connections on all devices? If they supported it before 3.1 why not leave it in?

Edit: Ok, just reread the statement. I was reading it as the devices supported encryption prior to the 3.1 update and 3.1 removed it. The removal of that encryption caused the server not to sync.

Because the other devices DIDN'T support it... It just LOOKED like they did. If the old devices are not capable (At the hardware level) of encrypting the data correctly, then I am very pleased that Apple did this. The last thing IT people need is a bunch of phones that arn't secure at all pretending to be secure.

Conclusion: This bites for users, but real security is odviously better than fake security.

 

[Jimmetry]

Wow, way to misunderstand the problem completely.

This is not a stunt. If an administrator has enabled device encryption, it's because they expect the sensitive data to be stored in an encrypted manner on the device. The iPhone 3G CANNOT STORE DATA IN THIS ENCRYPTED MANNER.

If any "corporate customer" is going to get pissed off at Apple for disabling this (they're not), then they should simply disable device encryption because IT WAS NOT BEING USED IN THE FIRST PLACE.

Sigh.

 

[griz]

Ok, so to be clear that I am understanding this.
1. They didn't remove any functionality from the touch or 3G, they just removed the ability for them to sync unencrypted data to the server.
2. The Touch and 3G weren't encrypted before and still aren't.
3. The only thing that changed was that the devices were not properly reporting themselves and the server policy that requires encryption was essentially being fooled into thinking the 3G and touch were syncing encrypted data.

 

[benlee]

Please explain what you think they should do.

Its called a time machine. You know they already have a prototype and are just slowly releasing the technology each year to get more money from us.

Better yet, release a hardware update via software update...this they also have the ability to do.

 

[Small White Car]

Ok, so to be clear that I am understanding this.

That's pretty much it.

Better yet, release a hardware update via software update...this they also have the ability to do.

Yeah, I know. They kept bragging about Snow Leopard's printer update. I keep trying it but my printer hasn't changed! They're clearly still working out the bugs on that one!

 

[coolfactor]

Apple's getting too damn corporate/greedy.

While I agree they should've had the foresight to build in the hardware encryption before the 3GS, that alone became one of the iPhone 3GS' features.

Companies that mandate such high security should be providing their employees with the right hardware anyway, and that won't include iPhone 3G's.

At no point does this make Apple greedy. They added a feature to their latest phone. It just wasn't being properly enforced by the software. Now it is.

 

[Michael73]

If your social security #, credit card numbers and other personal info was in an email on someones 3G iPhone wouldn't you be concerned if it wasn't encrypted (at the hardware level)?

C'mon, the ramifications could be HUGE for data falling into the wrong hands! I for one, appreciate what Apple did.

 

[aristotle]

So this is a story about Apple fixing a security hole and people are whining? iPhone 3.0 on the 3G was incorrectly reporting that it had device level encryption when it did not. The new release fixes this issue.

 

[Spades]

Two things

1) The server trusts the client? Isn't that stupid to begin with?

2) They can't implement the necessary encryption in software?

 

[coolfactor]

If your social security #, credit card numbers ... was in an email...

That type of info should never be sent in an email anyway, encryption or not!