iOS 7 bug leaves email attachments unencrypted,Apple Working on a fix
Posted On:
May 5, 2014
Do you usually access sensitive document attachments on your
iDevices (iPhone,iPod, and iPad), stuff like invoices, contracts, bank
statements and etc?
ZDNet
quotes that security researcher named Andreas Kurtz claims that a
security flaw has found in iOS 7, iOS 7.0.4, iOS 7.1 and even the latest
iOS 7.1.1 wherein it does not encrypt message attachments.
This
means your security and privacy could be compromised because your iOS
Device is storing email attachments in unencrypted form which means it's
making stored attachments easily readable by using a piece of software
to browse those sensitive documents attached on your iPhone,iPod, and
iPad.
Despite Apple's support document
stating that “Data protection in iOS provides an additional layer of
protection for your email messages attachments, and third-party
applications.”
Kurtz confirmed
the issue by restoring a GSM iPhone 4 to iOS version 7.1.1 and testing
attachment security for an IMAP email account.
I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction.
0 comments: