Apple last night released the iPhone 1.1.1 update, fixing security issues, adding features, and making previously unlocked iPhones unusable.
The update disables phones that have been hacked to work with providers other than AT&T, the only US provider Apple has allowed to carry its mobiles.
In recent months, a number of software tools have been developed which allow iPhone users to break free of Apple's AT&T-only restriction, but Apple has said that it will fight attempts to unlock the iPhone. Earlier this week the company released a warning that unlocked iPhones "will likely result in the modified iPhone becoming permanently inoperable when a future Apple-supplied iPhone software update is installed".
Shortly after the update was released, users of unlocked iPhones began reporting problems.
Security researcher Tom Ferris said the new software disabled phones that had been unlocked using the open-source anySIM software in order to work on T-Mobile USA's wireless network. After the update, the iPhone was stuck with an error message and apparently unusable. "It kept saying 'unsupported SIM card,' even with the AT&T SIM card in it," he said. "You can turn the phone off or on, but we just can't figure out how to get past this 'SIM card not supported'," he said.
SIM (Subscriber Identity Module) cards contain account information and are used to authenticate devices on certain types of mobile networks. Unlocked iPhones can use SIM cards from non-AT&T networks.
Others were reporting similar problems on Thursday.
The update also appears to disable the 'Jailbreak' hack which allows users to install unsupported software on the iPhone, Ferris said. After the 1.1.1 patch was installed it wiped out all of the third-party applications he had installed on a second iPhone, he said.
The new software is Apple's biggest iPhone update to date, and it fixes a number of security flaws in the mobile phone's browser, mail client and Bluetooth networking server.
The majority of the flaws do not appear to be critical, but the update fixes a larger number of bugs than the first iPhone update, released on 31 July.
Hackers have said that the iPhone's browser and mail clients are the most likely sources of software flaws, and this release bears that out. Apple fixed seven flaws in the Safari browser, two in the iPhone's mail client and one Bluetooth bug with the release.
The Bluetooth flaw could be the most serious - Apple said that it could allow an attacker to run unauthorized code on the iPhone - but because Bluetooth works over a range of just a few feet, the attacker would have to be standing near the victim for any exploit to work, said Andrew Storms, director of security operations with nCircle Network Security.
Noted hacker HD Moore agreed that the Bluetooth flaw was serious. "The only bad issue here is the Bluetooth flaw," he said via email. "I will start working on this tonight."
Though there may be some technical limitations to what an attacker could do by exploiting this bug, it "could be a nasty remote exploit," he added.
Earlier this week, Moore added iPhone hacking capabilities to the Metasploit hacking tool that he develops.
Mobile-phone users typically cannot update their own software, but Apple introduced this capability in the iPhone, which uses the update mechanism in the phone's iTunes music player.
iTunes checks for these updates once per week, so it may take up to seven days for all iPhone users to see these updates. Apple advises users to install the update immediately.
The update also adds support for the iTunes WiFi Store and other new features to the iPhone.
The device gains:
- loud speaker and receiver volume;
- a shortcut to phone favorites or music controls;
- the capacity to intelligently insert periods and spaces;
- Mail attachments are viewable in portrait and landscape;
- Apple Bluetooth Headset battery status in the Status Bar;
- support for TV Out;
- A preference to turn EDGE/GPRS off when roaming internationally; and
- adjustable volume alerts.