TechSpot

Researcher claims Apple isn't encrypting email attachments in iOS 7

By Justin Kahn
May 5, 2014
Post New Reply
  1. Apple currently states that "an additional layer of protection for your email messages attachments, and third-party applications," is in place on iOS 7, but according to a security researcher this is not the case. Andreas Kurtz said in versions of...

    Read more
     
  2. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    Eh I find it horrible how this has slipped numerous patches since the release of iOS 7. I would have expected it to be patched in 7.1 or even at worse 7.1.1. Hopefully 7.1.2 is inbound.
     
  3. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,492   +2,044

    It shouldn't impact you in the least, you don't seem like the 'secret services' type. :)
     
    Jad Chaar likes this.
  4. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    Hmm; Two types of encryption;
    (a) transmission to/from the post-office (aka https or encryption directly on smtp port) vs.
    (b) encryption on the users end-point system as stored on the hd.

    for (a), all one needs to verify is the absence of port 25 in the smtp configuration of the users email client program.

    for (b) - - imo, all bets are off and that would be a function of the email client OR the use of something like PGP
    {where the sender encrypts the the body of the email and then attaches it to the email; the receiver then gets a protected attachment on disk and is responsible to decrypt it him/her self}

    Of course, one could enable the MS EFS service, but that's a major pit-fall in and of itself!!

    I think there is a misunderstanding by the user here.
     
  5. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    Btw: the ref to MS EFS is a metaphor
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    In this story:
    So, Apple wants to store email encrypted, but has failed in their email client. Too bad, as obviously that is highly desirable with mobile devices susceptible to loss or being stolen.

    btw: mounting device A on system B and using B to access A's data has been a LONG loophole in security as the filesystem permissions and the ACLs are useless.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...