x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted

Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted

Posted: , by Maxwell R.

Tags:

Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted
A security expert in Germany has uncovered a vulnerability in iOS 7.1.1 which leaves email attachments vulnerable since they are apparently not encrypted by Apple’s data protection protocols.

Apple claims its data protection encrypts email message attachments. However, Andreas Kurtz was able to set up an IMAP email account, throw in some test emails, turn the iPhone off, and get free access to the email attachments on his iPhone 4.

Using established methods, Kurtz was able to bypass the iPhone’s passcode and see the email attachments unprotected. He was able to do this on iOS 7.0.4, on iOS 7.1, and most recently, 7.1.1 after he alerted Apple about the problem. Having the phone passcode protected is supposed to protect everything on the device. Kurtz was able to reproduce the issue on an iPhone 5s and iPad 2.

Kurtz did inform Apple of his discovery, the company advised him that it was aware of the problem and it would be fixed in an upcoming OS update. When iOS 7.1.1 dropped however, Kurtz was rather surprised that there was no fix implemented, “Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch.”

source: Andreas Kurtz via CNN

40 Comments
  • Options
    Close




posted on 06 May 2014, 16:21 13

1. Ninetysix (Posts: 1331; Member since: 08 Oct 2012)


It just works ™

posted on 06 May 2014, 16:43 2

5. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


lol....I see what you did...Kudos on the deflection...

:-)

posted on 07 May 2014, 01:20

38. Droid_X_Doug (Posts: 5523; Member since: 22 Dec 2010)


I wonder how long until iOS 7 is ready for prime time? 7.1.3? 7.1.1 is not secure. Somehow, I doubt 7.1.2 will be secure, either. Which is why I am guessing 7.1.3 will be the one that is ready for prime time. Just before they bail on iOS 7 for iOS 8, and they get to repeat the joke on the customers all over again.

posted on 06 May 2014, 16:46

8. Arte-8800 (limited) (Posts: 3086; Member since: 13 Mar 2014)


What's with the "Trademark"....?

That "TROLL" guy only uses that... and use to use that

posted on 06 May 2014, 17:01

11. Sauce (unregistered)


So now it's ™© ?

posted on 06 May 2014, 20:29 1

25. 0xFFFF (Posts: 1980; Member since: 16 Apr 2014)


⌘ It just works™ for the NSA ⌘

posted on 07 May 2014, 00:48

37. Ashoaib (Posts: 1202; Member since: 15 Nov 2013)


Another day, another vulnerability in ios... the most secure os. Well thats innovative, I hope samsung will not copy it :p

posted on 06 May 2014, 16:24 2

2. Sauce (unregistered)


I'd rather have this happen (which it probably will 100% never happen) than download malware on my Note 2 lololol (which will probably also never happen).

I wonder how much malware has been on Android phones in the past 5 years.

posted on 06 May 2014, 16:44

6. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


edit...

posted on 06 May 2014, 16:48

9. thealphageek1 (banned) (Posts: 942; Member since: 02 Feb 2013)


Edit to the edit....

posted on 06 May 2014, 17:51 3

13. wilsong17 (Posts: 707; Member since: 10 Mar 2013)


So you have a phone an don't know what you download or put on it wow we have a smart one here... do us a favor and go jump a ship

posted on 06 May 2014, 18:03

14. Sauce (unregistered)


We have two smart ones here apparently!

One that intentionally puts malware on his Note 2

and

One that is so smart he skips the parentheses

posted on 06 May 2014, 18:22 2

17. wilsong17 (Posts: 707; Member since: 10 Mar 2013)


Oh we have teacher here watch out we are getting detention

posted on 06 May 2014, 18:36 1

19. dontneedtoknow (Posts: 135; Member since: 17 Feb 2014)


As a android user, I will tell you that I have yet to encounter malware then again I only download things from play store only!

posted on 06 May 2014, 18:42

20. Sauce (unregistered)


Like I said, hasn't happened to me and probably won't

Just happens to lots of people in general :)

posted on 06 May 2014, 21:44 1

29. networkdood (Posts: 6244; Member since: 31 Mar 2010)


I would not know as malware has never entered into any Android device that I have own....it is called ....'USING YOUR BRAIN"

posted on 06 May 2014, 16:27 5

3. thealphageek1 (banned) (Posts: 942; Member since: 02 Feb 2013)


Not cool Apple, misleading your users like this. You need to create a patch for this ASAP.

In the meantime, should iOS users be fed up with being mislead, you could always ditch your iPhone and go and get the most secure device in mobile. One that's guaranteed to safeguard your information, emails and all. Get a BlackBerry. :)

posted on 06 May 2014, 16:33 1

4. Sauce (unregistered)


I still have my BlackBerry Bold 9700. Sometimes I just hold it in my hand and reminisce that beauty of a device.

posted on 06 May 2014, 16:44

7. thealphageek1 (banned) (Posts: 942; Member since: 02 Feb 2013)


A beauty of a device indeed! Can't wait to see how the BlackBerry Q20 "Classic" turns out!

posted on 06 May 2014, 16:57

10. Arte-8800 (limited) (Posts: 3086; Member since: 13 Mar 2014)


I remember that phone as well as the Nokia E71

posted on 06 May 2014, 18:11

15. thealphageek1 (banned) (Posts: 942; Member since: 02 Feb 2013)


E71 was a beauty!

posted on 06 May 2014, 21:49

32. Sauce (unregistered)


Indeed it was. I miss my Bold now :(

posted on 06 May 2014, 17:25 4

12. grahaman27 (Posts: 345; Member since: 05 Apr 2013)


two security issues in one day for iOS? the sky is falling! quick- uncover an android new vulnrability so the world can go back to normal.

posted on 06 May 2014, 19:00 1

21. Deaconclgi (Posts: 207; Member since: 03 Nov 2012)


"quick- uncover an android new vulnrability so the world can go back to normal." Best comment I've read all day!

Disclaimer: I am an Android user as well as an iOS user and I still find that part funny. :)

posted on 06 May 2014, 18:13 7

16. AJagtiani (Posts: 357; Member since: 24 Apr 2014)


And then iFans said that Android is insecure and malware infested.

posted on 06 May 2014, 18:25 4

18. XperiaFanZone (Posts: 1101; Member since: 21 Sep 2012)


They are right. Much more than ios.

posted on 06 May 2014, 21:43 2

28. mas11 (Posts: 1025; Member since: 30 Mar 2012)


Android has a lot of malware written for it, however it has fewer vulnerabilities than iOS

posted on 06 May 2014, 21:50 1

33. Sauce (unregistered)


How? Someone can go and get some malware right now if they wanted to. Download an app and BOOOOOM! It magically gets on your phone, in the snap of a finger :D

posted on 06 May 2014, 19:14

22. bkzebraphone (Posts: 36; Member since: 12 Dec 2012)


So good thing I don't use it? Since I use the gmail app

posted on 06 May 2014, 19:51

23. techperson211 (Posts: 417; Member since: 27 Feb 2014)


And this is why we call it innovative thinking . We know about the glitch . What a pathetic comment. Coming from the most secure os.

posted on 06 May 2014, 20:10 1

24. NokiaFTW (Posts: 1671; Member since: 24 Oct 2012)


In terms of market share:
Android > iOS > WP > BB

In terms of security:
BB > WP > iOS > Android

posted on 06 May 2014, 20:31 4

26. 0xFFFF (Posts: 1980; Member since: 16 Apr 2014)


Another name for that is "security through obscurity".

posted on 06 May 2014, 21:10 1

27. grahaman27 (Posts: 345; Member since: 05 Apr 2013)


lol..

posted on 07 May 2014, 09:17

40. thealphageek1 (banned) (Posts: 942; Member since: 02 Feb 2013)


There's nothing obscure about being secure.

posted on 06 May 2014, 21:45 2

30. networkdood (Posts: 6244; Member since: 31 Mar 2010)


I would put it for security as:
BB>Android>WP>iOS

posted on 07 May 2014, 00:09

36. NokiaFTW (Posts: 1671; Member since: 24 Oct 2012)


That's biased. There's no way Android is more secure than WP & iOS.

posted on 06 May 2014, 23:03

35. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


I wouldnt be so quick to put WP after BB for security...

Just based on the browsers alone....Android might be more secure than WP. Also...see security through obscurity....

posted on 06 May 2014, 21:46 3

31. networkdood (Posts: 6244; Member since: 31 Mar 2010)


The NSA loves iPhones...

posted on 06 May 2014, 22:31 2

34. winter_hat (Posts: 91; Member since: 04 Feb 2013)


Then it's a good thing Apple won't let me send or receive email attachments. Or barely.

posted on 07 May 2014, 02:06

39. flipjzn (Posts: 126; Member since: 22 Jun 2012)


So, what'/ Kurtz' established method?

Want to comment? Please login or register.

Latest stories