iOS 7 doesn't encrypt email attachments

Summary:A researcher has reported to Apple that email attachments stored on an iOS device are not encrypted at rest, contrary to Apple's claims.

In explaining the considerable measures Apple put in iOS to protect data, one claim the company makes is that encryption on the device protects "...your email messages attachments, and third-party applications." It seems that a bug in recent versions of iOS means that iOS doesn't completely live up to these claims.

Research by Andreas Kurtz, who has reported security issues to Apple in the past, shows that iOS, since at least version 7.0.4 and including the current version 7.1.1, does not encrypt attachments at rest.

Kurtz tested for the bug by creating an IMAP email account and putting some messages with attachments in its folders. He then shut the device down and accessed the file system using well-known tools. He was able to view the files in clear text.

In a blog post dated April 23, Kurtz reported that he had reported the problem to Apple and that they said they were aware of it, but had no schedule for fixing the bug. We contacted Apple about the same issue and they have not responded to our inquiry.

Topics: Security, Apple, iOS

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.