Your iPhone Passcode Is Not Enough To Protect Your Data. Here's Why
There is a bug in iOS 7 that prevents email attachments from being encrypted on your device. The good news is, Apple's already working on a solution.
By Sadho Ram — 07 May 2014, 02:20 PM — Updated over 10 years ago
There is a bug in iOS 7.1.1 that does not encrypt email attachments, making it possible for anyone to read what you send and receive though your iPad or iPhone
If you’re an iOS user who uses their emails to send encrypted attachments often, or need that kind of security for your job, it seems that you might want to consider putting a stop on sending emails from your phone, at least for now. This is because of a bug in iOS 7 which apparently no longer encrypts email attachments.
ubergizmo.com
Although Apple has known about the issue for at least a month now and, the problem has not yet been remedied, a fix is presumably on its way
Apple's statement on the issue simply said, "We're aware of the issue and are working on a fix which we will deliver in a future software update."
appleinsider.comIt was first reported by security researcher Andreas Kurtz who noted the flaw all the way back in iOS 7.0.4
It was discovered by security researchers that it no longer seems to be functioning and is no longer properly encrypting data. According to researcher Andreas Kurtz, he tested this out and he “verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments.”
ubergizmo.com
This isn't supposed to happen because mail attachments are supposed to be protected by Apple's Data Protection technologies. Data Protection is supposed offer users "an additional layer of protection for your email messages attachments, and third-party applications."
mashable.com
Technically, if someone steals your iPhone, they won't be able to access the data without knowing your passcode
The problem, Kurtz found, was that by using an iOS jailbreak tool, he was able to access the file system and found that message attachments are not encrypted.
businessinsider.in
An attacker would either need your passcode, or a jailbreak that works without a passcode, allowing him access to the file system
Engst and Mogull explain: That's how Kurtz was able to attack an iPhone 4. It's unclear how he was able to reproduce on an iPhone 5s and iPad 2 running iOS 7.0.4, since more recent devices running iOS 7 aren't susceptible to a jailbreak without the passcode. It's possible that Kurtz had already jailbroken his iPhone 5s and iPad 2, so they weren't as protected as a normal device would be. The bug means that email attachments still aren't encrypted on those devices, but there isn't a way to get to them.
ubergizmo.com
While Apple is working on the fix, it's important to understand the real-world risk this vulnerability holds
First, this is the sort of vulnerability that requires physical access to your device. This is not something that attackers can access using malware or over a network.
appleinsider.comSecond, as Rich Mogull and Adam Engst point out, to access the data without a passcode, an attacker would need to use a jailbreak technique to bypass the device's security. And given the state of iOS 7.1.x jailbreaks, that might be easier said than done.
zdnet.comTo reiterate, this is a real problem, but taking advantage of this bug requires the right set of circumstances and technical knowledge.
appleinsider.com