iOS 7 security flaw leaves email attachments vulnerable
A glaring bug in Apple’s iOS 7 mobile operating system has resulted in every email attachment on iPhones and iPads being left completely unencrypted, according to new disclosures.
According to the official support documentation provided by Apple, iOS provides data protection on all devices that offer hardware encryption -- specifically the iPhone 3GS and later, all iPads, and the third-generation iPod touch and later.
But security researcher Andreas Kurtz has discovered that iOS version 7.0.4 and later, including 7.1.1, has a bug that results in attachments not being encrypted.
Kurtz, who has reported on Apple’s security blunders in the past, said:
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction.
He added that Apple "responded that they were aware of this issue, but did not state any date when a fix is to be expected".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.