iPhone update breaks Exchange compatibility

Jake Widman
Wednesday, 16 September 2009 02:17

Your IT - Mobility

Version 3.1 of the iPhone OS, released last week, disables the ability of pre-3GS iPhones, as well as iPod Touches, to access many Microsoft Exchange 2007 servers. The incompatibility suggests that Apple had been concealing a security flaw in previous versions of the OS.

The flaw was discovered by users who updated their older iPhones or Touches and then tried to access their companies' Exchange servers as they had been doing before.

If the Exchange server is set up to demand data encryption on mobile devices, that attempt now produces an error message reading "the account [name] requires encryption which is not supported on this iPod/iPhone."

The only solutions are to upgrade to a new iPhone 3GS, turn off the demand for on-device encryption at the Exchange server, or downgrade to iPhone OS 3.0. The problem is that the downgrade doesn't necessarily support encryption; rather, it suggests that up till now, the older OS had been falsely reporting to Exchange that encryption was supported.

That would mean that users have been carrying around insecure, unencrypted data on their iPhones and iPod Touches while believing they were meeting the security policies established by the Exchange server.

The OS upgrade fixes that security hole, but at the cost of disabling Exchange access for most of the devices already in the field -- and, some point out with anger and dismay, betraying Apple's promises of enterprise-level security.

So far, Apple has not addressed the issue, so it is unknown whether the OS can be modified to support encryption on older devices, or indeed whether those devices can manage encryption at all.