Apple iOS 7 does not encrypt email attachments, researcher claims

By on

While Apple is talking about data protection placed on iOS 7, by protecting the hardware encryption keys with your passcode, which simply means additional protection for your email messages attachments, and third-party applications, a researcher claimed otherwise.

According to Andreas Kurtz of the NESO Security Labs GmbH, versions of iOS 7 email attachments within the stock Mail app are not covered by Apple’s data protection.

In an official blog post by Kurtz, he said that he noticed that email attachments within the iOS 7 MobileMail.app are not protected by Apple’s data protection mechanisms.

?I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction.?

He said that he reported these to Apple and that the company is actually aware of it, but did not state any date when a fix is to be expected.

He also said that he is expecting a near-term patch, but to no avail. He added that unfortunately, “with the iOS 7.1.1, Apple did not remedy the issue, leaving users at risk of data theft.”

Notwithstanding issues like this, Apple still has security content for iOS 7.

iOS provides built-in security from the moment you turn on your device. That?s because the hardware, firmware, and operating system include features designed to help your device ? and what you put on it ? stay safe,” Apple said in the iOS 7 page.

Security content for iOS 7 includes the following:

? Certificate Trust Policy
? CoreGraphics
? Data Protection
? Data Security
? dyld
? File Systems
? ImageIO
? IOKit
? IOKitUser
? IOSerialFamily
? IPSec
? Kernel
? Kext Management
? libxml
? libxslt
? Passcode Lock
? Personal Hotspot
? Push Notifications
? Safari
? Sandbox
? Social
? Springboard
? Telephony
? Twitter
? Webkit

(Photo courtesy of http://www.apple.com/ios/ios7-basics/)

About the author

To Top