Cisco releases full details on problem at Duke: While widely reported that one or two Apple iPhones out of about 150 used on Duke University's Wi-Fi network were bringing down groups of a dozen to 30 access points at one time, it turns out it was a Cisco fault all along that the iPhone triggered. A Duke assistant IT director initially blamed the iPhone for the problem. He later posted a note on his blog that he "regret[ted]" sounding quite so sure it was the iPhones' fault.
Cisco's security advisory, "Wireless ARP [Address Resolution Protocol] Storm Vulnerabilities," explains how in a very particular set of circumstances, a mobile device moving between access points and retaining certain information could cause Cisco network controllers to produce a storm of ARP requests. When I first heard about this problem in email from Miller--I declined to write about this because I thought it was too speculative at the time--the 18,000 ARP requests being made per second seemed like far too high a number to be produced over a wireless connection by a single mobile device.
While the advisory doesn't cite the Duke situation, the company confirmed that the Duke situation was what triggered this advisory and update, according to Network World.
The iPhone is now in the clear as the culprit, just the trigger. It's likely we'll see more vulnerabilities and bugs show up, however, because of the extreme mobility and promiscuity of the iPhone. It's willing to connect to any network it knows whenever it sees it, and to hop off onto EDGE whenever the network performance drops too low.