iOS 7 bug leaves email attachments unencrypted,Apple Working on a fix

Posted On: May 5, 2014
Do you usually access sensitive document attachments on your iDevices (iPhone,iPod, and iPad), stuff like invoices, contracts, bank statements and etc?

ZDNet quotes that security researcher named Andreas Kurtz claims that a security flaw has found in iOS 7, iOS 7.0.4, iOS 7.1 and even the latest iOS 7.1.1 wherein it does not encrypt message attachments.

This means your security and privacy could be compromised because your iOS Device is storing email attachments in unencrypted form which means it's making stored attachments easily readable by using a piece of software to browse those sensitive documents attached on your iPhone,iPod, and iPad.

Despite Apple's support document stating that “Data protection in iOS provides an additional layer of protection for your email messages attachments, and third-party applications.”

Kurtz confirmed the issue by restoring a GSM iPhone 4 to iOS version 7.1.1 and testing attachment security for an IMAP email account.
I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction.

Kurtz found that Apple’s data protection technology in iOS 7 does not extend to email attachments and also verified the existence of the nasty bug that can be found in iPad 2 and and iPhone 5s running iOS version 7.0.4.

According to the researcher Apple said that they are aware of the issue and is working on a fix. No dates  on when the fix for this issue will be release, but it shouldn’t be long because attachment encryption is crucial for businesses that use iOS devices.

0 comments: