
If You Care About Security, Throw Away Your iPhone 4 Right Now

Posted on September 23rd, 2014 by

With the release of iOS 8—perfectly timed with the launch of the iPhone 6 and the trouser-bulging iPhone 6 Plus—Apple has continued its long and proud tradition of essentially forcing you to throw out your old iPhone and buy a new one.

Why do I say that? Because iOS 8, the latest version of their mobile operating system, is packed with security fixes – none of which are coming to iOS 7.

And, sadly, if you are still using an iPhone 4, iOS 8 is simply unavailable to you. iOS 7 is the end of the road as far as you are concerned.

Which means you have a choice.

You can either buy a more recent model of the iPhone (and upgrade it to iOS 8 if it isn't already pre-installed), switch to an Android (I can hear you gagging already…), or stick with your once proud iPhone 4 running iOS 7 and run the gauntlet of being exploited by the myriad of threats which will never get patched.

To be honest, none of these are terribly attractive options.

Why not buy a more recent iPhone?

Your iPhone 4 has probably served you well for years as a mobile phone, and allows you to browse the web and perform any number of functions without difficulty. Its battery may be getting a little long in the tooth and not last as long as it once did (the lack of replaceable batteries could be argued to be another way in which Apple builds obsolescence into its devices), but there are workarounds for that to keep you topped up during the course of the day.

Buying a newer iPhone just to keep it secure from vulnerabilities is a costly option for those with tight budgets. And tough luck if you actually *liked* the iPhone 4 because of its smaller size, compared to the later iPhone 5, the beefier iPhone 6 and the palm-stretching colossus that is the iPhone 6 Plus.

Why not buy an Android?

Switching to Android isn't going to be attractive to many either. After all, you've invested in the Apple ecosystem by making app purchases, and learnt how the iOS operating system works. You may have been turned off by Android in the first place by the significantly larger malware threat affecting the platform.

Furthermore, and thanks to Jon Ribbens on Twitter for reminding me of this, it's not as though many Android devices don't have their own fair share of problems when it comes to receiving OS updates.

Why not stick with what you've got?

Which leaves, of course, sticking with your iPhone 4 running iOS 7. That would be fine if so many security vulnerabilities in iOS 7 hadn't been fixed in iOS 8. And it's not as though the software flaws are academic and unlikely to be a threat in the real world.

Of particular concern is a memory-corruption issue in iOS's core graphics library, which could open opportunities for attackers to remotely exploit Safari on iPhones and iPads still running iOS 7.1.x.

According to security researchers at Binamuse, who discovered an exploit kit which exploited the CVE-2014-4377 vulnerability, attackers could potentially create a boobytrapped PDF file and embed it on a webpage to attack vulnerable devices running iOS 7.1.x, and gain complete control of victims' iPhones, iPod Touches and iPads.

In short, your iPhone 4 is not updated and it can be exploited just by browsing to a dangerous webpage.

But this is just one of many vulnerabilities that iOS 8 fixes, and who knows what future flaws later updates to iOS 8 will fix, which will remain forever unpatched on iOS 7.

Apple should patch iOS 7... but probably won't

Apple should really do the right thing and patch iOS 7 for those millions of users who are either unable or unwilling to update their operating system. Sadly, I can't see that happening...

I know that Apple doesn't want to get into a Microsoft-style situation (remember Windows XP?) where it finds itself struggling to keep an ancient operating system secure long after it should have been dumped. But the iPhone 4 was first launched on the world in mid-2010, and was still being sold in some countries until early this year.

To be selling a product less than a year ago, and for it now to be inherently risky from the security point of view, feels like a company that doesn't care about the safety of some of its most vulnerable customers – those who can least afford to shell out hundreds of dollars for the very latest gadget.

Do you think Apple is right to leave iOS 7 users in the lurch, or should they do more to support those who bought the iPhone 4 and earlier devices? Leave a comment with your point of view.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.
  • jeffsters

    The iPhone 4 was released more than 4 years ago and discontinued over a year ago. When you ask if Apple should support iOS7, by which you mean iPhone 4, how many Android phones have had as long a shelf life? Not too many.

    You did however leave out the option of using the phone as many people do, and that is as a feature phone. No financial data, no passwords, no banking, etc.

    • Sin Jeong-hun (신정훈)

      Your main point is “Android does worse, so Apple doesn’t have to do better.” It is like saying we don’t have to increase the minimum wage because it is better than slavery in some countries.

      Apple has very few models unlike many Android phone makers. They can easily patch up old devices. We are not demanding new features, just security patches. In many cases, those could be a few lines of code.

      Think about how many working iPhone 4 devices are in the world now. If those are thrown away into trash bins, what an environmental waste.

      • Ryan

        I agree. People want security flaws fixed that shouldn’t have existed in the first place.

  • lseltzer

    You can still get $50 or more for it from Gazelle, and probably do better elsewhere. I’m not sure why, I guess iPhone buyers just love to throw away money.

  • Havenswift Hosting

    Agree that iOS7 should be patched (and what about iPhone 3 users stuck on iOS6) and Apple did go back and release patches for iOS6 after they said they wouldn’t but there has to be a cut-off so it is deciding where this should be.

    You say that the major security issue is the memory-corruption in iOS’s core graphics library when using Safari – so is one solution to use Chrome which many people already do?

    • Ryan

      Then Chrome eventually will require a newer version of iOS than the device will support.

      • GrawKO

        And, now in 2016, it is the case: Chrome needs iOS 9, and I still have iOS 7.1.2 on an iPhone 4 a friend lent me. I just have to deal with it I guess…

        • Ryan

          That’s exactly the point I’m trying to make. This is the way technical progress goes, and more new apps will continue requiring newer iOS versions than 7.1.2. This is just another one of the old devices no longer supported anymore.

  • Al

    No…you have more choices. Get a Windows phone.

  • Chris Clark

    Apple’s ecosphere operates somewhat like a cult, I’ve even spoken about this in marketing training sessions. Cults get good at benefiting themselves but tend not to benefit their members.

    So perhaps this isn’t a question of will Apple do the right thing, but why sign up to the Apple ecosphere in the first place and expose yourself to being fleeced?

    From a generally happy Android Galaxy II user.

  • David Carr

    Why no mention of Windows Phone as an alternative mobile device choice? I do not like the same gloomy prediction for iPad users running iOS 7.

  • Jensen_G

    Most people buy their iPhones on contract and so can get a new $0 iPhone 5C by now since it’s likely been at least 2 years since they bought their 4.

    • Tom C

      That’s a US thing. Most of the world doesn’t operate that way. Regardless, buying most phones with a contract is throwing away money.

  • Repelsteeltje

    FYI: Earlier this year Apple released a critical security update for older devices that are running iOS6.

  • ikke

    I have a Sony Xperia S. Relatively good phone (apart from the random reboots happening 3-4 times a week). The update cycle of that phone was 14 months, so where’s the safety in Android? Still using 4.1 and getting no patches at all…
    My next phone will be an iPhone. 4 years having the latest OS is more acceptable!

    • GrawKO

      On Android you still have the option to use an alternative version of Android such as CyanogenMod to upgrade to newer versions of Android, plus get access to admin features you wouldn’t get with a standard Android OS even customized by corporations. On top of that, even if it would give you the same version as the one you actually have, there would still be bugfixes and several improvements to the system that the original Android OS doesn’t have.
      It’s free and pretty easy to install since a few years, I remember the days when it was really tricky to patch a phone with CyanogenMod and such (RIP my HTC Hero), now it’s done in a few clicks, my grandma could do it with her feet.
      There’s nothing as advanced as this on iPhones, and the situation is almost the same as when Android 1.6 was released (September 2009).
      Right now I’m stuck with an iPhone 4 someone lent me because I can’t afford a new phone, but you can’t imagine how I miss the ability to upgrade the system by myself as I want.

  • YesJude

    what about the 4s?

    • Ryan

      Heck, it fortunately gets the latest iOS 9!!

  • Harsit

    Well, I’ve actually read the page on Microsoft that had informed people on what was happening with XP and if YOU read it and see the place where they say that they are one of the only places that keep on supporting old operating systems I could almost hear them coughing the word *Apple* out. And I kinda agree with that, because even though Apple tries to stay innovative, they never really try to be too friendly to users who still use their old products…