Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted
posted by Maxwell R. / May 06, 2014, 4:17 PM
Apple claims its data protection encrypts email message attachments. However, Andreas Kurtz was able to set up an IMAP email account, throw in some test emails, turn the iPhone off, and get free access to the email attachments on his iPhone 4.
Using established methods, Kurtz was able to bypass the iPhone’s passcode and see the email attachments unprotected. He was able to do this on iOS 7.0.4, on iOS 7.1, and most recently, 7.1.1 after he alerted Apple about the problem. Having the phone passcode protected is supposed to protect everything on the device. Kurtz was able to reproduce the issue on an iPhone 5s and iPad 2.
Kurtz did inform Apple of his discovery, the company advised him that it was aware of the problem and it would be fixed in an upcoming OS update. When iOS 7.1.1 dropped however, Kurtz was rather surprised that there was no fix implemented, “Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch.”
source: Andreas Kurtz via CNN
Posts: 2962; Member since: Oct 08, 2012
It just works ™
posted on May 06, 2014, 4:21 PM 13
Posts: 6023; Member since: Dec 30, 2010
lol....I see what you did...Kudos on the deflection... :-)
posted on May 06, 2014, 4:43 PM 2
Posts: 5993; Member since: Dec 22, 2010
I wonder how long until iOS 7 is ready for prime time? 7.1.3? 7.1.1 is not secure. Somehow, I doubt 7.1.2 will be secure, either. Which is why I am guessing 7.1.3 will be the one that is ready for prime time. Just before they bail on iOS 7 for iOS 8, and they get to repeat the joke on the customers all over again.
posted on May 07, 2014, 1:20 AM 0
I'd rather have this happen (which it probably will 100% never happen) than download malware on my Note 2 lololol (which will probably also never happen). I wonder how much malware has been on Android phones in the past 5 years.
posted on May 06, 2014, 4:24 PM 2
So you have a phone an don't know what you download or put on it wow we have a smart one here... do us a favor and go jump a ship
posted on May 06, 2014, 5:51 PM 3
Posts: 158; Member since: Feb 17, 2014
As a android user, I will tell you that I have yet to encounter malware then again I only download things from play store only!
posted on May 06, 2014, 6:36 PM 1
Posts: 942; Member since: Feb 02, 2013
Not cool Apple, misleading your users like this. You need to create a patch for this ASAP. In the meantime, should iOS users be fed up with being mislead, you could always ditch your iPhone and go and get the most secure device in mobile. One that's guaranteed to safeguard your information, emails and all. Get a BlackBerry. :)
posted on May 06, 2014, 4:27 PM 5
I still have my BlackBerry Bold 9700. Sometimes I just hold it in my hand and reminisce that beauty of a device.
posted on May 06, 2014, 4:33 PM 1
Posts: 364; Member since: Apr 05, 2013
two security issues in one day for iOS? the sky is falling! quick- uncover an android new vulnrability so the world can go back to normal.
posted on May 06, 2014, 5:25 PM 4
Posts: 405; Member since: Nov 03, 2012
"quick- uncover an android new vulnrability so the world can go back to normal." Best comment I've read all day! Disclaimer: I am an Android user as well as an iOS user and I still find that part funny. :)
posted on May 06, 2014, 7:00 PM 1
Posts: 466; Member since: Apr 24, 2014
And then iFans said that Android is insecure and malware infested.
posted on May 06, 2014, 6:13 PM 7
Posts: 2277; Member since: Sep 21, 2012
They are right. Much more than ios.
posted on May 06, 2014, 6:25 PM 4
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):