iOS email encryption isn't as safe as Apple led you to believe

News
By Nick Pino
published

Researcher claims encryption may not be all it's cut out to be

iOS 7.1
iOS 7.1.1's email security is likely bad to the bone

The maelstrom of internet security risks keeps on brewing, this time involving the Apple's latest iOS update, iOS 7.1.1.

The day after the new system's release, security researcher Andreas Kurtz wrote on his blog about a serious flaw in the system's ability to encrypt email attachments within the MobileMail.app. He wrote to Apple immediately.

Kurtz setup an IMAP email account and sent out some test emails with attachments. He shut the phone down and used "well-known techniques" to recover the attachments "without any encryption/restriction."

"They responded that they were aware of this issue, but did not state any date when a fix is to be expected," Kurtz wrote, speaking about Apple's response.

"Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch. Unfortunately, even today's iOS 7.1.1 did not remedy the issue, leaving users at risk of data theft."

TechRadar received a similar response from Apple about a possible flaw in Data Protection, stating:"We're aware of the issue and are working on a fix which we will deliver in a future software update."

The plot thickens

What's worse is that this isn't just an issue for 7.1.1 users, but for anyone using iOS 7.1 or version 7.0.4 as well. Is Apple saying "too bad, so sad" to its trusting business-class users?

Some have suggested that this problem is fairly niche, with iOS 7-running devices before iPhone 4S and iPad 2 the most vulnerable due to the imbued hardware.

While Apple may not be known for their airtight security when it comes to operating systems, these are the people who recently embedded fingerprint-scanning technology into their flagship iPhone 5S.

These software updates are generally tens of thousands of lines long and, realistically, come with a few possible exploits.

While Kurtz goes on to suggest concerned users can disable news synchronization, it seems like this is more a concern for government workers and law enforcement agencies and less likely a concern when trying to keep your vacation pics safe.

  • Here's everything TechRadar knows about the iPhone 6
Nick Pino
Nick Pino

Nick Pino is Managing Editor, TV and AV for TechRadar's sister site, Tom's Guide. Previously, he was the Senior Editor of Home Entertainment at TechRadar, covering TVs, headphones, speakers, video games, VR and streaming devices. He's also written for GamesRadar+, Official Xbox Magazine, PC Gamer and other outlets over the last decade, and he has a degree in computer science he's not using if anyone wants it.