The encryption problem was known...

There were articles about the encryption problem back in July... like this one talking about how insecure the iPhone is.

During the last quarterly earnings call, Cook kind of side-mentioned that the 3GS would get a fix:

"We're seeing growing interest with the release of iPhone 3.0 and the iPhone 3GS due in part to the new hardware encryption and improved security policies."
 
I have to echo spades here. If the server is set to only allow encrypted connections, how did it ever work?

1. The server says "you can only talk to me encrypted".
2. The client goes ahead and talks to the server unencrypted.
3. The server says, oh, all right then, and doesn't refuse to accept unencrypted connections?

This sounds like a major security flaw on the server end.
 
I have to echo spades here. If the server is set to only allow encrypted connections, how did it ever work?

1. The server says "you can only talk to me encrypted".
2. The client goes ahead and talks to the server unencrypted.
3. The server says, oh, all right then, and doesn't refuse to accept unencrypted connections?

This sounds like a major security flaw on the server end.

You do not understand the issue. The server can be configured to instruct client devices to encrypt the data stored on the device itself, and previous versions of the iPhone firmware ignored this policy. The server really has no way of verifying that the client is storing encrypted information.

This has nothing to do with the use of SSL (or the lack thereof) in communicating with the ActiveSync server.
 
Pre-3GS "could" do this in software but it would be very slow as encrypting/decrypting on the fly in software is *hard* on the CPU so it's not likely it will ever happen. The 3GS has specific hardware to accelerate this for a good user experience.
Get real! The typical e-mail for most people is 2,000-3,000 bytes, and the iPhone won't let you cache more than what, like 200 e-mails maximum? And the default is something like 50?
 
It may be a fix for a problem, but they sold a ton of 3G's that supposedly had Exchange support, plain and simple. Clearly if they did not build in hardware encryption, they did not actually build in true Exchange support, and 3G owners have a very valid beef with Apple because they were actively deceived in countless ads and spec sheets touting the 3G's compatibility with Exchange servers. Clearly when working properly (i.e. with encryption enabled) there is a blatant incompatibility given the apparent lack of hardware encryption on earlier iPhone models. I applaud Apple for releasing a fix for a security problem, but if that fix is not accompanied by a hardware fix it's essentially disabling a feature 3G owners believed their phones were capable of. Should Apple choose to leave this as it is, they risk losing what little support in the corporate world they had.

How someone at Apple did not at least think to include a warning in the update dialog at the very least is unreal.

Apple could be open to a lawsuit here by companies that require encryption due to laws. All this time, the 3G has been acting as if it was doing encryption. It turns out that it was a bug... and they've known about it all along?? This is HUGE. It is unacceptable that Apple left this hole for so long. I'm usually the one scolding the whiners, but this is a legitimate, real-world issue.
 
I have to echo spades here. If the server is set to only allow encrypted connections, how did it ever work?

1. The server says "you can only talk to me encrypted".
2. The client goes ahead and talks to the server unencrypted.
3. The server says, oh, all right then, and doesn't refuse to accept unencrypted connections?

This sounds like a major security flaw on the server end.

The problem is that the 3.0 firmware added support for the client to talk to the server encrypted, but the data is stored in a way that is accessible from the phone's memory using something that only talks unencrypted. It's still an encrypted connection, and I'm sure data during the transfer itself isn't vulnerable... just when it's accessed directly from the phone.
 
Apple's solution is simple. Everyone upgrade to 3GS!

Oh and sorry to all those folks who cannot downgrade back to 3.0. That feature was also disabled.

Get used to it. That is Apple's solution to EVERYTHING. Want H264 hardware decoding? Then buy a new Macbook because you will not get it any other way. It simply doesn't matter to Apple whether "older" hardware (like my less than one year old MBP is "old") CAN support a feature (e.g. Snow Leopard COULD have been released for PPC machines and video support could have been enabled for older iPhone models). That is beside the point. The ONLY point is that Steve wants your money and wants it bad. Got to have that backup reserve in case a kidney goes next time!
 
Get used to it. That is Apple's solution to EVERYTHING. Want H264 hardware decoding? Then buy a new Macbook because you will not get it any other way. It simply doesn't matter to Apple whether "older" hardware (like my less than one year old MBP is "old") CAN support a feature (e.g. Snow Leopard COULD have been released for PPC machines and video support could have been enabled for older iPhone models). That is beside the point. The ONLY point is that Steve wants your money and wants it bad. Got to have that backup reserve in case a kidney goes next time!

Best comment of the day
 
I'm still not understanding why something that worked before is now being removed? Why not allow Encrypted connections on all devices?

It's not encrypted connections anyway (as this is effectively SSL). This is about a requirement for an encrypted filesystem.

If an organisation REQUIRES devices to use encrypted filesystems, this should be enforced by all devices.

iPhone 3G cannot honour that requirement, thereby creating a security hole for the organisation.

At the end of the day, this isn't Apple's call. And I'm sure Apple would also be breaching the ActiveSync licensing agreement by not adhering to/respecting the policies of the server.
 
iPhone 3G cannot honour that requirement, thereby creating a security hole for the organisation.
Wait, what? The very flag is, when used as you imply, theatre: "Security by assuming client good faith." Why not just put everyone's mail in world-readable folders and get the client to send a message promising never to access the wrong folder?

This is a technically unenforceable policy, requiring instead a human contract between employer and employee; it is as such meaningless to attempt to technically enforce it. A policy reminded with a warning dialog? Sure. But removing functionality that could be duplicated in a third party client or, perhaps, shim? No purpose. Any organisation which requires client encryption shouldn't rely on a "well, if you would be so kind..." from the server for anything. Especially when the response could be "yeah, ok, I'll get to XORing that with the owner's dog's name right away."

(Also, iPhones don't require you to enter a decryption key passphrase every time you unlock the device, right? So all this is irrelevant.)
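The policy handshake the two posts above argue about, as an added simplified model (not Apple's, Microsoft's or any poster's code): the policy key is the real ActiveSync name, while the status codes, class names and device profiles are assumed stand-ins. It shows why the server's decision rests entirely on what the client reports.

```python
from dataclasses import dataclass, field

# Real EAS Provision policy element name; the codes below are simplified stand-ins.
REQUIRE_DEVICE_ENCRYPTION = "RequireDeviceEncryption"
STATUS_APPLIED = 1        # "policy applied" (assumed stand-in for the real code)
STATUS_CANNOT_APPLY = 2   # "device cannot apply policy" (assumed stand-in)


@dataclass
class Device:
    name: str
    hardware_encryption: bool   # does the device actually encrypt data at rest?
    reports_truthfully: bool    # does the firmware admit when it cannot comply?
    applied: dict = field(default_factory=dict)

    def provision(self, policy: dict) -> dict:
        """Client half of the handshake: receive the policy, answer with a status."""
        needs_enc = bool(policy.get(REQUIRE_DEVICE_ENCRYPTION, False))
        if not needs_enc or self.hardware_encryption:
            self.applied = dict(policy)
            return {"Status": STATUS_APPLIED}
        if self.reports_truthfully:
            # iPhone OS 3.1 behaviour described in the thread: admit non-compliance.
            return {"Status": STATUS_CANNOT_APPLY}
        # Pre-3.1 behaviour described in the thread: acknowledge the policy
        # without actually encrypting anything.
        return {"Status": STATUS_APPLIED}


def server_allows_sync(response: dict) -> bool:
    """Server half: the only evidence it has is the client's self-reported status."""
    return response.get("Status") == STATUS_APPLIED


def simulate(device: Device, policy: dict) -> tuple:
    """Returns (server allowed sync, data at rest is actually encrypted)."""
    response = device.provision(policy)
    return server_allows_sync(response), device.hardware_encryption


if __name__ == "__main__":
    policy = {REQUIRE_DEVICE_ENCRYPTION: True}   # constructed policy
    for dev in (Device("3GS", True, True),
                Device("3G on OS 3.1", False, True),
                Device("3G on OS 3.0", False, False)):
        allowed, encrypted = simulate(dev, policy)
        print(f"{dev.name:14} sync allowed={allowed!s:5} data encrypted={encrypted}")
```

The two "allowed" outcomes are indistinguishable to the server, which is the trust gap the thread is arguing about; a defender can only inventory device types and firmware versions, not verify the claim.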
 
Get used to it. That is Apple's solution to EVERYTHING. Want H264 hardware decoding? Then buy a new Macbook because you will not get it any other way. It simply doesn't matter to Apple whether "older" hardware (like my less than one year old MBP is "old") CAN support a feature (e.g. Snow Leopard COULD have been released for PPC machines and video support could have been enabled for older iPhone models). That is beside the point. The ONLY point is that Steve wants your money and wants it bad. Got to have that backup reserve in case a kidney goes next time!

But Apple is being a lot nicer about it than most companies, where they release 5 versions of a software package with minor differences and charge a lot more for a few features in the "Ultimate" or "Enterprise" version.
 
Mobile devices that sync corporate email are just bad all around. Blackberry, iPhone, encryption, no encryption, makes no difference. Too many irresponsible people carry these devices that contain sensitive information. There are more secure methods for accessing corporate email remotely, such as OWA and Citrix. Maybe not as convenient, but that is the price of security.

PS. I am anti-email in the corporate environment. It is more counterproductive than productive. Businesses have succeeded for many years without it.
 
It may be a fix for a problem, but they sold a ton of 3G's that supposedly had Exchange support, plain and simple. Clearly if they did not build in hardware encryption, they did not actually build in true Exchange support, and 3G owners have a very valid beef with Apple because they were actively deceived in countless ads and spec sheets touting the 3G's compatibility with Exchange servers. Clearly when working properly (i.e. with encryption enabled) there is a blatant incompatibility given the apparent lack of hardware encryption on earlier iPhone models. I applaud Apple for releasing a fix for a security problem, but if that fix is not accompanied by a hardware fix it's essentially disabling a feature 3G owners believed their phones were capable of. Should Apple choose to leave this as it is, they risk losing what little support in the corporate world they had.

How someone at Apple did not at least think to include a warning in the update dialog at the very least is unreal.

Agreed. Apple isn't really owning up to the problem. Just warning you and instructing you to now get a 3GS for the promised Exchange access.

Get used to it. That is Apple's solution to EVERYTHING. Want H264 hardware decoding? Then buy a new Macbook because you will not get it any other way. It simply doesn't matter to Apple whether "older" hardware (like my less than one year old MBP is "old") CAN support a feature (e.g. Snow Leopard COULD have been released for PPC machines and video support could have been enabled for older iPhone models). That is beside the point. The ONLY point is that Steve wants your money and wants it bad. Got to have that backup reserve in case a kidney goes next time!

Indeed. Some will remain in denial, but it's their business model and many enthusiasts still embrace it.
 
Agreed. Apple isn't really owning up to the problem. Just warning you and instructing you to now get a 3GS for the promised Exchange access.

Indeed. Some will remain in denial, but it's their business model and many enthusiasts still embrace it.

Which enthusiasts actually embrace it? They're just selling products to the masses and the average consumer is completely clueless.
 
Mobile devices that sync corporate email are just bad all around. Blackberry, iPhone, encryption, no encryption, makes no difference. Too many irresponsible people carry these devices that contain sensitive information. There are more secure methods for accessing corporate email remotely, such as OWA and Citrix. Maybe not as convenient, but that is the price of security.

A properly secured BlackBerry with policies enforced by the central server is certainly more secure than using OWA or Citrix, unless OWA or Citrix is only accessible from a properly secured computer with enforced policies.
 
Which enthusiasts actually embrace it? They're just selling products to the masses and the average consumer is completely clueless.

They're all over this forum. They will either try to excuse it or run out and buy a new Apple xyz.
 
I like how with OWA you can save your password, so if you lose your phone anyone can access your email until you change the password.
 
Mobile devices that sync corporate email are just bad all around. Blackberry, iPhone, encryption, no encryption, makes no difference. Too many irresponsible people carry these devices that contain sensitive information. There are more secure methods for accessing corporate email remotely, such as OWA and Citrix. Maybe not as convenient, but that is the price of security.

PS. I am anti-email in the corporate environment. It is more counterproductive than productive. Businesses have succeeded for many years without it.

Businesses were around before electricity too. Do you work by the flickering light of a candle or are you selective in what things you avoid because we managed without them before?
 
Wow, in all honesty, I can't believe some of you people. Some are angered at Apple for 'patching' this 'security flaw', and others are happy that their devices are now 'more secure'. This wasn't a flaw in the first place, it was a downright lie, and let me explain it to you:

Back when enterprise support was released, users had two device options: the iPhone and the iPhone 3G. At the time, the latest version of Exchange Server was 2007, which supported encrypted device connections. So, even though these two devices did not support such a connection method, Apple decided to 'fake it' for the sheer sake of selling devices under the 'works with Enterprise/Business/Exchange' mantra. This was not a flaw, at the time at least, but a feature: they faked the encrypted connection in order for these devices to be able to connect to secure Exchange 2007 servers.

Fast forward to Wednesday, and Apple released the iPhone OS 3.1 update (3.1.1 for iPod touches). Apple decided that the iPhone 3GS was the device to have, and, without ANY warning whatsoever, 'fixed' this 'bug'/feature, which ended up disabling sync between the iPhone/iPhone 3G and an encrypted-connection Exchange 2007 server.

The fact of the matter is this: Apple enabled this flaw/feature in order to sell devices. Let's be frank: at least a decent number of iPhone sales can be attributed to the fact that the devices were compatible with Exchange and enterprise setups. Now, with a new device available, Apple decided to play by the rules and stop lying to Exchange servers, breaking sync for a (potentially) large user base.

They didn't fix a flaw, they simply stopped a lie/fake connection.
 
Was this encryption thing part of the shipping version of Exchange 2007, or did Microsoft add it in an update?
 