Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted

Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted
A security expert in Germany has uncovered a vulnerability in iOS 7.1.1 which leaves email attachments vulnerable since they are apparently not encrypted by Apple’s data protection protocols.

Apple claims its data protection encrypts email message attachments. However, Andreas Kurtz was able to set up an IMAP email account, throw in some test emails, turn the iPhone off, and get free access to the email attachments on his iPhone 4.

Using established methods, Kurtz was able to bypass the iPhone’s passcode and see the email attachments unprotected. He was able to do this on iOS 7.0.4, on iOS 7.1, and most recently, 7.1.1 after he alerted Apple about the problem. Having the phone passcode protected is supposed to protect everything on the device. Kurtz was able to reproduce the issue on an iPhone 5s and iPad 2.

Kurtz did inform Apple of his discovery, the company advised him that it was aware of the problem and it would be fixed in an upcoming OS update. When iOS 7.1.1 dropped however, Kurtz was rather surprised that there was no fix implemented, “Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch.”

source: Andreas Kurtz via CNN

FEATURED VIDEO

40 Comments

1. Ninetysix

Posts: 2965; Member since: Oct 08, 2012

It just works ™

5. jroc74

Posts: 6023; Member since: Dec 30, 2010

lol....I see what you did...Kudos on the deflection... :-)

38. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

I wonder how long until iOS 7 is ready for prime time? 7.1.3? 7.1.1 is not secure. Somehow, I doubt 7.1.2 will be secure, either. Which is why I am guessing 7.1.3 will be the one that is ready for prime time. Just before they bail on iOS 7 for iOS 8, and they get to repeat the joke on the customers all over again.

8. Arte-8800

Posts: 4562; Member since: Mar 13, 2014

What's with the "Trademark"....? That "TROLL" guy only uses that... and use to use that

11. Sauce unregistered

So now it's ™© ?

25. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

⌘ It just works™ for the NSA ⌘

37. Ashoaib

Posts: 3297; Member since: Nov 15, 2013

Another day, another vulnerability in ios... the most secure os. Well thats innovative, I hope samsung will not copy it :p

2. Sauce unregistered

I'd rather have this happen (which it probably will 100% never happen) than download malware on my Note 2 lololol (which will probably also never happen). I wonder how much malware has been on Android phones in the past 5 years.

6. jroc74

Posts: 6023; Member since: Dec 30, 2010

edit...

9. thealphageek1

Posts: 942; Member since: Feb 02, 2013

Edit to the edit....

13. wilsong17 unregistered

So you have a phone an don't know what you download or put on it wow we have a smart one here... do us a favor and go jump a ship

14. Sauce unregistered

We have two smart ones here apparently! One that intentionally puts malware on his Note 2 and One that is so smart he skips the parentheses

17. wilsong17 unregistered

Oh we have teacher here watch out we are getting detention

19. dontneedtoknow

Posts: 158; Member since: Feb 17, 2014

As a android user, I will tell you that I have yet to encounter malware then again I only download things from play store only!

20. Sauce unregistered

Like I said, hasn't happened to me and probably won't Just happens to lots of people in general :)

29. networkdood

Posts: 6330; Member since: Mar 31, 2010

I would not know as malware has never entered into any Android device that I have own....it is called ....'USING YOUR BRAIN"

3. thealphageek1

Posts: 942; Member since: Feb 02, 2013

Not cool Apple, misleading your users like this. You need to create a patch for this ASAP. In the meantime, should iOS users be fed up with being mislead, you could always ditch your iPhone and go and get the most secure device in mobile. One that's guaranteed to safeguard your information, emails and all. Get a BlackBerry. :)

4. Sauce unregistered

I still have my BlackBerry Bold 9700. Sometimes I just hold it in my hand and reminisce that beauty of a device.

7. thealphageek1

Posts: 942; Member since: Feb 02, 2013

A beauty of a device indeed! Can't wait to see how the BlackBerry Q20 "Classic" turns out!

10. Arte-8800

Posts: 4562; Member since: Mar 13, 2014

I remember that phone as well as the Nokia E71

15. thealphageek1

Posts: 942; Member since: Feb 02, 2013

E71 was a beauty!

32. Sauce unregistered

Indeed it was. I miss my Bold now :(

12. grahaman27

Posts: 364; Member since: Apr 05, 2013

two security issues in one day for iOS? the sky is falling! quick- uncover an android new vulnrability so the world can go back to normal.

21. Deaconclgi

Posts: 405; Member since: Nov 03, 2012

"quick- uncover an android new vulnrability so the world can go back to normal." Best comment I've read all day! Disclaimer: I am an Android user as well as an iOS user and I still find that part funny. :)

16. AJagtiani

Posts: 466; Member since: Apr 24, 2014

And then iFans said that Android is insecure and malware infested.

18. XperiaFanZone

Posts: 2278; Member since: Sep 21, 2012

They are right. Much more than ios.

28. mas11

Posts: 1034; Member since: Mar 30, 2012

Android has a lot of malware written for it, however it has fewer vulnerabilities than iOS

33. Sauce unregistered

How? Someone can go and get some malware right now if they wanted to. Download an app and BOOOOOM! It magically gets on your phone, in the snap of a finger :D

22. bkzebraphone

Posts: 38; Member since: Dec 12, 2012

So good thing I don't use it? Since I use the gmail app

23. techperson211

Posts: 1280; Member since: Feb 27, 2014

And this is why we call it innovative thinking . We know about the glitch . What a pathetic comment. Coming from the most secure os.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.