tech

Your iPhone Passcode Is Not Enough To Protect Your Data. Here's Why

There is a bug in iOS 7 that prevents email attachments from being encrypted on your device. The good news is, Apple's already working on a solution.

Cover image via imgur.com

There is a bug in iOS 7.1.1 that does not encrypt email attachments, making it possible for anyone to read what you send and receive though your iPad or iPhone

A screengrab of email from iOS device

Image via appleinsider.com

If you’re an iOS user who uses their emails to send encrypted attachments often, or need that kind of security for your job, it seems that you might want to consider putting a stop on sending emails from your phone, at least for now. This is because of a bug in iOS 7 which apparently no longer encrypts email attachments.

ubergizmo.com

Although Apple has known about the issue for at least a month now and, the problem has not yet been remedied, a fix is presumably on its way

Apple's statement on the issue simply said, "We're aware of the issue and are working on a fix which we will deliver in a future software update."

appleinsider.com

It was first reported by security researcher Andreas Kurtz who noted the flaw all the way back in iOS 7.0.4

Image via netdna-cdn.com

It was discovered by security researchers that it no longer seems to be functioning and is no longer properly encrypting data. According to researcher Andreas Kurtz, he tested this out and he “verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments.”

ubergizmo.com

This isn't supposed to happen because mail attachments are supposed to be protected by Apple's Data Protection technologies. Data Protection is supposed offer users "an additional layer of protection for your email messages attachments, and third-party applications."

mashable.com

Technically, if someone steals your iPhone, they won't be able to access the data without knowing your passcode

Image via tumblr.com

The problem, Kurtz found, was that by using an iOS jailbreak tool, he was able to access the file system and found that message attachments are not encrypted.

businessinsider.in

An attacker would either need your passcode, or a jailbreak that works without a passcode, allowing him access to the file system

Engst and Mogull explain: That's how Kurtz was able to attack an iPhone 4. It's unclear how he was able to reproduce on an iPhone 5s and iPad 2 running iOS 7.0.4, since more recent devices running iOS 7 aren't susceptible to a jailbreak without the passcode. It's possible that Kurtz had already jailbroken his iPhone 5s and iPad 2, so they weren't as protected as a normal device would be. The bug means that email attachments still aren't encrypted on those devices, but there isn't a way to get to them.

ubergizmo.com

While Apple is working on the fix, it's important to understand the real-world risk this vulnerability holds

Image via imgur.com

First, this is the sort of vulnerability that requires physical access to your device. This is not something that attackers can access using malware or over a network.

appleinsider.com

Second, as Rich Mogull and Adam Engst point out, to access the data without a passcode, an attacker would need to use a jailbreak technique to bypass the device's security. And given the state of iOS 7.1.x jailbreaks, that might be easier said than done.

zdnet.com

To reiterate, this is a real problem, but taking advantage of this bug requires the right set of circumstances and technical knowledge.

appleinsider.com

Other related stories on SAYS:

You may be interested in: