Wednesday, 7 May 2014

Contrary to Apple claims, iOS vulnerability shows email attachments are not being encrypted

A security expert in Germany has uncovered a vulnerability in iOS 7.1.1 which leaves email attachments vulnerable since they are apparently not encrypted by Apple’s data protection protocols.
Apple claims its data protection encrypts email message attachments. However, Andreas Kurtz was able to set up an IMAP email account, throw in some test emails, turn the iPhone off, and get free access to the email attachments on his iPhone 4.Using established methods, Kurtz was able to bypass the iPhone’s passcode and see the email attachments unprotected. He was able to do this on iOS 7.0.4, on iOS 7.1, and most recently, 7.1.1 after he alerted Apple about the problem. Having the phone passcode protected is supposed to protect everything on the device. Kurtz was able to reproduce the issue on an iPhone 5s and iPad 2.Kurtz did inform Apple of his discovery, the company advised him that it was aware of the problem and it would be fixed in an upcoming OS update. When iOS 7.1.1 dropped however, Kurtz was rather surprised that there was no fix implemented, “Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch.”


source: Andreas Kurtz via CNN

No comments:

Post a Comment