Security expert claims iOS 7 doesn't encrypt email attachments

May 06, 2014, by Bob Yirka

German security expert Andreas Kurtz, with NESO Security Labs, has posted an entry to his personal blog claiming that the latest version of iOS, 7.1.1 (as well as older versions 7, 7.0.4 and 7.1), does not encrypt email attachments. If true, the revelation would run contrary to what Apple has been advocating on its website, that iOS "provides an additional layer of protection for (..) email messages attachments."

Kurtz describes how he hacked an iPhone in his possession using what he describes as "well known techniques" and was able to gain access to email folders. Once that was accomplished, he found that he could read the attachments, as none of them were encrypted. Kurtz says that he notified Apple about his discovery and was told that the company knew about the problem and was working on it, but it did not give him a timeframe for when it might be fixed.

To be fair, the flaw is likely only going to be a problem for people who use their phone for sending sensitive attachments. Also, a would-be hacker would have to gain physical access to the phone and would also have to have the user's passcode or a jailbreak of some sort. All this means that very few iOS device users are likely to be at risk, e.g. , or corporate engineers working on top secret development projects. Such people could conceivably be targeted specifically based on what they do or who knows about it. The odds that an average citizen would be hacked in such a manner are almost nil.

Kurtz notes that he was able to read email attachments on an iPhone 4 and 5 and on an iPad 2 running iOS 7.0.4, demonstrating that the flaw is device independent. He suggests that users wishing to send confidential attachments disable mail synchronization (though refraining from using their phone to do so might be a better option).

Kurtz actually found the flaw several weeks ago, and it was only after checking to see if it had been fixed and discovering that it had not been that he blogged about what he'd found, expressing disappointment at the slowness of a fix coming from Apple.

More information: Andreas Kurtz blog: www.andreas-kurtz.de/2014/04/w… -fix-in-ios-711.html

User comments : 2

dramamoose
5 / 5 (2) May 06, 2014
Why would anyone receiving top-secret or highly sensitive documents be running iOS? Or even stock Android?
axemaster
5 / 5 (1) May 06, 2014
Why would anyone receiving top-secret or highly sensitive documents be running iOS? Or even stock Android?

The answer is yes.