Apple gives iPhone users an insecurity complex

Nobody expects old technology to go on forever. But giving new iPhone users a year before abandoning them to the hackers is a low shot from a high-tech company

If you own an iPhone 3G and use it with Wi-Fi, stop now. You're not safe, nor will you ever be.

There's a security hole that means you cannot make Wi-Fi secure, but risk having your secrets tapped. Apple knows what it is, but will only fix it for later models. So, if you have a 3G and want to keep your personal data safe, you must buy a new phone.

Apple stopped supporting the iPhone 3G in January, with the release of the incompatible iOS 4.3. The iPhone 3G itself was discontinued in June 2010, so anyone who bought one then has had around a year of use. But, as patches are only being issued for iOS 4.3.x, an upgrade is the only sanctioned option.

For any company, this would be shoddy. For Apple, it's unforgivable.

iPhone 3G

Apple has chosen not to supply iPhone 3G owners with a fix to a known Wi-Fi security problem. Photo credit: Apple

There are, of course, limits to how far a company can be expected to support obsolete products. And support can mean many things. Adding new features is one level, and nobody should be surprised when an old design proves physically incapable of managing the latest software.

Admittedly, users love it when they get new things for free, but Apple understandably prefers you bought the new hardware to go with it.

But fixing security problems that render something unsafe is not dependent on hardware, and not something that should be seen as subservient to revenue maximisation. This is doubly so when the security flaw is in a vital part of the software: mobile phones operate in a very hostile, varied environment where attacks are particularly easy to mount.

Moreover, since the problem has been fixed in more recent versions of the operating system, much of the hard work has been done. It's true that bug fixing isn't particularly cheap: once found, the bug has to be fixed and the fix tested intensively, with the result distributed to millions of users. This isn't trivial, but all the mechanisms are in place inside Apple. It, of all companies, can afford to extend security support for its user base.

That it doesn't, even with a year-old product, is very poor. Microsoft withdrew Windows XP from sale in October — it's a very mature product, with no more upgrades due. Even so, security updates are promised through to 2014. Microsoft would really, really like you to upgrade to Windows 7, but it won't leave XP users in the lurch for three more years.

Why won't Apple do the same? It would be nicer if it didn't just leave serious security holes open but had the decency to send, say, some self-destruct signal to the phones (perhaps via a battery hack). That way, its users would be safer than now. Or it could send a text message: "Your phone is insecure. Apple recommends you buy a new one". That would be honest, at least.

The only two reasons for Apple choosing to leave its users out to dry are miserliness — where the company chooses not to spend money it can easily afford — or greed, where it is happy for any mechanism that forces a hardware upgrade cycle.

Which is it to be, Steve?

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.