iOS 7 Security Flaw Leaves Stored Email Attachments Unencrypted [Updated]

Apple states that it uses data encryption to protect email message attachments, but a report from security researcher Andreas Kurtz, via ZDNet, claims iOS 7.0.4 and later does not include this security feature.

security-flaw-email-attachmentsKurtz detected this flaw in iOS by accessing the file system on an iPhone 4 running iOS 7.1 and 7.1.1. Browsing through the email folder for an IMAP account, Kurtz discovered that the email attachments were stored in an unencrypted state. Besides the iPhone 4, Kurtz also was able to reproduce this vulnerability on an iPhone 5s and an iPad 2 running iOS 7.0.4.

I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account1, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction

Kurtz reported this issue to Apple, which acknowledged the flaw, but provided no timetable for patching it. This isn't the first security issue Apple has faced this year. The company recently patched a serious SSL connection verification flaw in both iOS and OS X that allowed an attacker with a "privileged network position" to capture data protected by SSL/TLS.

Update 3:11 PM PT: In a statement given to iMore, an Apple spokesperson said the company is working on a fix for the issue.

"We're aware of the issue," an Apple spokeswoman told iMore, "and are working on a fix which we will deliver in a future software update."

Top Rated Comments

marvz Avatar
106 months ago
Oh noes... if someone steals my iPhone and then is using some not so easy technique to access the file system of my iPhone then navigating to my email folder can then read my email attachments......

Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:
Score: 34 Votes (Like | Disagree)
DipDog3 Avatar
106 months ago
So iOS versions 7.0.3 and below encrypted attachments? Why would they drop that feature?
Apple's new motto:
If things aren't broken, fix them till they're broken.
Score: 28 Votes (Like | Disagree)
yjchua95 Avatar
106 months ago
I predict that an NSA agent working for Apple will bang his head on his table, while thinking: "How many more loopholes that I inserted will be discovered by the public?"
Score: 25 Votes (Like | Disagree)
spazzcat Avatar
106 months ago
When you email an attachment its not encrypted.
Score: 24 Votes (Like | Disagree)
GeneralChang Avatar
106 months ago
Every time someone says “This consumer electronic device isn’t secure for (x) reason!” and then follows it up with a description that pretty much requires direct hardware access, I have to wonder. How easy do you think it is to steal stuff in my pockets?
Score: 19 Votes (Like | Disagree)
GoodWatch Avatar
106 months ago
Oh noes... if someone steals my iPhone and then is using some not so easy technique to access the file system of my iPhone then navigating to my email folder can then read my email attachments......

Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:
If 'Apple' would read 'Microsoft' this entire forum would come down on them like a ton of bricks...... Don't you think?
Score: 11 Votes (Like | Disagree)

Popular Stories

2022 back to school apple

Apple Launches 2022 Back to School Offer: Up to $150 Gift Card With Mac or iPad

Friday June 24, 2022 5:08 am PDT by
Apple today launched its annual "Back to School" promotion for college/university students in the United States and Canada. This year's promotion offers a free Apple gift card with the purchase of an eligible Mac or iPad, rather than free AirPods like last year. Apple is also offering students 20% off AppleCare+ plans during the promotion. Apple is offering a $150 gift card with the purchase ...
widgets ios 16 feature

Gurman: iPhone 14 Pro to Feature Always-On Display Showing iOS 16's New Lock Screen Widgets

Sunday June 26, 2022 7:36 am PDT by
iPhone 14 Pro models are widely expected to feature always-on displays that allow users to view glanceable information without having to tap to wake the screen. In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman said the feature will include support for iOS 16's new Lock screen widgets for weather, fitness, and more. "Like the Apple Watch, the iPhone 14 Pro will be...
m2 mac mini screen feature

Gurman: Apple Planning M2 Pro Mac Mini, New Apple TV With A14 Chip, Revamped HomePod With S8 Chip, and More

Sunday June 26, 2022 6:31 am PDT by
In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman outlined additional M2 Macs on Apple's product roadmap, including new Mac mini models with M2 and M2 Pro chips, new 14-inch and 16-inch MacBook Pro models with M2 Pro and M2 Max chips, and a new Mac Pro tower with M2 Ultra and "M2 Extreme" chips. Following the M2 series of Macs, Gurman said the first M3 series of...
13 inch macbook pro m2 mock feature 2

Base 13-Inch MacBook Pro With M2 Chip Has Significantly Slower SSD Speeds

Sunday June 26, 2022 2:52 pm PDT by
Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model. YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and...
M2 Pro and Max Feature

Apple's Upcoming M2 Pro Chip for High-End MacBook Pro and Mac Mini Will Reportedly Be 3nm

Monday June 27, 2022 7:31 am PDT by
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes. "Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
airpods pro 2 1

AirPods Pro 2 Said to Feature Upgraded H1 Chip, Find My, Heart Rate Detection, USB-C and More

Friday June 24, 2022 9:48 am PDT by
The next-generation AirPods Pro could come with a long list of new features that include heart rate detection, the ability to function as a hearing aid, and a USB-C port according to a report from 52Audio. The site claims that it has received new information on the AirPods Pro 2, and it has used that information to provide some renders on what the earbuds might look like. Design wise, there...
tesla carplay hack

Tesla Apple CarPlay Hack Updated to Work With Any Tesla Model

Monday June 27, 2022 3:38 am PDT by
Polish developer Michał Gapiński has released a new and improved version of his "Tesla Android Project" which brings Apple's CarPlay experience to more Tesla vehicles than ever before. According to Gapiński, version 2022.25.1 provides "100% functional CarPlay integration for any Tesla," and comes with several new features and bug fixes. The project now supports DRM video playback so that...