Researcher claims Apple isn't encrypting email attachments in iOS 7

Justin Kahn

Posts: 752   +6
Apple currently states that "an additional layer of protection for your email messages attachments, and third-party applications," is in place on iOS 7, but according to a security researcher this is not the case. Andreas Kurtz said in versions of...

Read more: https://www.techspot.com/news/56649-researcher-claims-apple-isnt-encrypting-email-attachments-in-ios-7.html
 

Jad Chaar

Posts: 6,481   +976
Eh, I find it horrible how this has slipped numerous patches since the release of iOS 7. I would have expected it to be patched in 7.1 or even at worst 7.1.1. Hopefully 7.1.2 is inbound.
 

Skidmarksdeluxe

Posts: 8,645   +3,288
"Eh, I find it horrible how this has slipped numerous patches since the release of iOS 7. I would have expected it to be patched in 7.1 or even at worst 7.1.1. Hopefully 7.1.2 is inbound."
It shouldn't impact you in the least; you don't seem like the 'secret services' type. :)
 

jobeard

Posts: 14,117   +1,850
Hmm, two types of encryption:
(a) transmission to/from the post office (aka https or encryption directly on the smtp port) vs.
(b) encryption on the user's endpoint system as stored on the hd.

For (a), all one needs to verify is the absence of port 25 in the smtp configuration of the user's email client program.

For (b), imo, all bets are off and that would be a function of the email client OR the use of something like PGP
{where the sender encrypts the body of the email and then attaches it to the email; the receiver then gets a protected attachment on disk and is responsible for decrypting it him/herself}

Of course, one could enable the MS EFS service, but that's a major pitfall in and of itself!!

I think there is a misunderstanding by the user here.
 

jobeard

Posts: 14,117   +1,850
In this story:
"There are several methods available to hackers allowing them to access an iPhone's files even when it is locked and protected with a passcode. In theory, those files should be encrypted -- appearing as a jumbled mess of numbers and letters. But Kurtz found that email attachments aren't, in fact, encrypted. Kurtz was able to access email attachments on a locked iPhone 4 -- just by plugging it into a computer and using some passcode-bypassing software."
So, Apple wants to store email encrypted, but has failed in their email client. Too bad, as obviously that is highly desirable with mobile devices susceptible to loss or being stolen.

btw: mounting device A on system B and using B to access A's data has LONG been a loophole in security, as the filesystem permissions and the ACLs are useless.