Apple's latest iPhone software update turns iPhones that have been "unlocked" into very expensive paperweights, according to users.
Yesterday's iPhone 1.1.1 update breaks phones that have been hacked so that they work on mobile networks other than AT&T, the only US carrier Apple has allowed iPhones to work with.
Earlier this week the company warned that unlocked iPhones "will likely result in the modified iPhone becoming permanently inoperable when a future Apple-supplied iPhone software update is installed."
Shortly after latest update was released, users of unlocked iPhones began reporting problems.
Security researcher Tom Ferris said the new software disabled a phone that had been unlocked using the open-source anySIM software to work on T-Mobile USA's network. After the update, the iPhone was stuck with an error message and apparently unusable.
"It kept saying 'unsupported SIM card,' even with the AT&T SIM card in it," he said. "You can turn the phone off or on, but we just can't figure out how to get past this 'SIM card not supported'."
SIM cards contain account information and are used to authenticate devices on certain types of mobile networks. Unlocked iPhones can use SIM cards from non-AT&T networks.
Others were reporting similar problems.
The update also appears to disable the 'Jailbreak' hack which allows users to install unsupported software on the iPhone, Ferris said. After the 1.1.1 patch was installed it wiped out all of the third-party applications he had installed on a second iPhone, he said.
The new software is Apple's biggest iPhone update to date, and it fixes a number of security flaws in the mobile phone's browser, mail client and Bluetooth networking server.
The majority of the flaws do not appear to be critical, but the update fixes a larger number of bugs than the first iPhone update, released 31 July.
Hackers have said that the iPhone's browser and mail clients are the most likely sources of software flaws and this release bears that out. Apple fixed seven flaws in the Safari browser, two in the iPhone's mail client and one Bluetooth bug with the release.
The Bluetooth flaw could be the most serious - Apple said that it could allow an attacker to run unauthorised code on the iPhone - but because Bluetooth works over a range of just a few feet, the attacker would have to be standing near the victim for any exploit to work, said Andrew Storms, director of security operations with nCircle Network Security.
Noted hacker HD Moore agreed that the Bluetooth flaw was serious. "The only bad issue here is the Bluetooth [flaw]," he said via email. "I will start working on this tonight."
Though there may be some technical limitations to what an attacker could do by exploiting this bug, it "could be a nasty remote exploit," he added.
Earlier this week, Moore added iPhone hacking capabilities to the Metasploit hacking tool that he develops.
Mobile phone users typically cannot update their own software, but Apple introduced this capability in the iPhone, which uses the update mechanism in the phone's iTunes music player.
iTunes checks for these updates once per week, so it may take up to seven days for all iPhone users to see these updates. Apple advises users to install the update immediately.