Adding to the recent recent slew of bugs and issues within iOS 7, it now seems that emails sent with attachments are not encrypted, despite Apple's claims that they are.
According to security researcher Andreas Kurtz, versions of iOS 7, iOS 7.0.4, iOS 7.1, and the current iOS 7.1.1 release do not encrypt email attachments sent through the stock iOS Mail application.
Using an iPhone 4 (GSM), Kurtz set up an IMAP email account, shutdown the device, and accessed the file system. After mounting the iOS data partition, he found the folder containing all of the emails and found that all attachments could be easily accessed without any encryption. Yikes!
Worst of all, Apple claims that there is an additional layer of protection for email message attachments and third-party applications, if your device is password-protected. If you go to Settings -> Passcode and scroll to the bottom of the page, you can see for yourself that Apple is indeed claiming your data is "protected."
Apple has yet to provide a timetable as to when they'll release an update to fix this issue, but it should be soon. Thankfully, it seems that the only way hackers can access the email attachments are directly through the smartphone, rather than using any type of remote access.
To protect yourself, use alternatives to Apple's email application until an update is released, like Gmail and Mailbox. Or you can send links to attachments stored in a cloud, rather than the file itself.
Unfortunately, this isn't the first security issue that Apple has had this year. Just recently, Apple released iOS 7.1.1 in order to patch a bug that allowed hackers to bypass HTTPS encryption protections that monitor sensitive traffic being transmitted by vulnerable devices. Let's hope this latest bug is squashed in short order, and that it's hopefully the last one we see for a while.
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
Be the First to Comment
Share Your Thoughts