Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted
Apple claims its data protection encrypts email message attachments. However, Andreas Kurtz was able to set up an IMAP email account, throw in some test emails, turn the iPhone off, and get free access to the email attachments on his iPhone 4.
Using established methods, Kurtz was able to bypass the iPhone’s passcode and see the email attachments unprotected. He was able to do this on iOS 7.0.4, on iOS 7.1, and most recently, 7.1.1 after he alerted Apple about the problem. Having the phone passcode protected is supposed to protect everything on the device. Kurtz was able to reproduce the issue on an iPhone 5s and iPad 2.
Kurtz did inform Apple of his discovery, the company advised him that it was aware of the problem and it would be fixed in an upcoming OS update. When iOS 7.1.1 dropped however, Kurtz was rather surprised that there was no fix implemented, “Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch.”
source: Andreas Kurtz via CNN
Posts: 2965; Member since: Oct 08, 2012
posted on May 06, 2014, 4:21 PM 13
Posts: 6023; Member since: Dec 30, 2010
posted on May 06, 2014, 4:43 PM 2
Posts: 5993; Member since: Dec 22, 2010
posted on May 07, 2014, 1:20 AM 0
posted on May 06, 2014, 4:24 PM 2
posted on May 06, 2014, 5:51 PM 3
Posts: 158; Member since: Feb 17, 2014
posted on May 06, 2014, 6:36 PM 1
Posts: 942; Member since: Feb 02, 2013
posted on May 06, 2014, 4:27 PM 5
posted on May 06, 2014, 4:33 PM 1
Posts: 364; Member since: Apr 05, 2013
posted on May 06, 2014, 5:25 PM 4
Posts: 405; Member since: Nov 03, 2012
posted on May 06, 2014, 7:00 PM 1
Posts: 466; Member since: Apr 24, 2014
posted on May 06, 2014, 6:13 PM 7
Posts: 2278; Member since: Sep 21, 2012
posted on May 06, 2014, 6:25 PM 4
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
- Off-topic talk - you must stick to the subject of discussion
- Trolling - see a description
- Flame wars
- Offensive, hate speech - if you want to say something, say it politely
- Spam/Advertisements - these posts are deleted
- Multiple accounts - one person can have only one account
- Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):