Feeds

Researcher says Apple fibs about crypto for iOS email attachments

Latest iPad and iPad firmware reveals attachments in clear text

Security for virtualized datacentres

Apple has been busted for falsely claiming that email attachments sent from iOS are encrypted.

German researcher Andreas Kurtz found email attachments for POP, IMAP and ActiveSync accounts were available in clear text on iPhone 4, 5s and iPad 2 devices.

"A few weeks ago, I noticed that email attachments within the iOS 7 MobileMail.app are not protected by Apple's data protection mechanisms," Kurtz said in a blog.

"Considering the long time iOS 7 is available by now (sic) and the sensitivity of email attachments many enterprises share on their devices - fundamentally relying on data protection - I expected a near-term patch."

Email attachments were exposed on firmware iOS 7.1.1, 7.1 and 7.0.4 which Kurtz probed by jailbreaking devices using free tools.

The findings contradict Apple's claims on its website that email attachments on all devices newer than the iPhone 3GS were protected by encryption.

Kurtz said Apple was aware of the problem but did not say when a patch would be ready.

Apple has been contacted for comment.

Email attachments were at present safe from prying eyes on new devices such as the iPhone 4s, 5s and 5c running the latest iOS platforms for which jailbreaks have yet to be released.

That's because the jailbreak security modification was required for users to access the internals of iDevices including the ability to nab email attachments.

Kurtz suggested users of affected devices consider disabling mail synchronisation as an albeit inconvenient workaround.

The Neso Security Labs co-founder had last year tipped off Cupertino to a flaw in its personal hotspot function that allowed attackers to join the network by predicting passwords. Apple fixed that flaw by increasing password entropy. ®

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.