
VenusianSky

macrumors 65816
Aug 28, 2008
1,290
47
Oh noes... if someone steals my iPhone and then is using some not so easy technique to access the file system of my iPhone then navigating to my email folder can then read my email attachments......

Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:

This would be a major concern for corporate users. Attached spreadsheets, reports, documents may contain confidential business data. Although people shouldn't send stuff like that through email, they do it anyways. Our policy requires that mobile email must be encrypted. Fortunately we haven't rolled out device-native email support to the employees yet, but we are close to it.
 

GoodWatch

macrumors 6502a
Sep 22, 2007
954
37
Rotterdam, The Netherlands
Oh noes... if someone steals my iPhone and then is using some not so easy technique to access the file system of my iPhone then navigating to my email folder can then read my email attachments......

Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:

If 'Apple' would read 'Microsoft' this entire forum would come down on them like a ton of bricks...... Don't you think?
 

OhHaiThere

macrumors regular
Sep 8, 2011
143
0
USA
Ironically, my company discovered this flaw over a year ago and reported it to Apple when we were evaluating using i-devices on our network. :rolleyes:
 

itickings

macrumors 6502a
Apr 14, 2007
947
185
Ironically, my company discovered this flaw over a year ago and reported it to Apple when we were evaluating using i-devices on our network. :rolleyes:

The flaw that if you know the passcode for a device, you can access the data stored on it? Well done! Revolutionary!
 

jedifaka

macrumors regular
Sep 2, 2011
128
97
California
iOS in the Enterprise

I appreciate exploits like this probably aren't a big deal to consumers and would definitely stay out of any argument to the contrary.
But one of the factors contributing to the meteoric rise of Apple's value has been its comparatively new presence in enterprise. Enterprise customers have really embraced iOS and these kinds of flaws are a constant concern for that market.
If you're responsible for regulatory compliance (Sarbanes-Oxley, HIPAA, whatever) and you come around to believing Apple is not transparent enough, or even concerned enough, about security, how much concern do you live with before you pull the plug on iOS in your enterprise?
I'm pretty sure nobody's migrating wholesale back to BlackBerry. But I've got to believe the Enterprise market is more valuable to Apple than the Health and Fitness market.
 

buckwheet

macrumors 6502
Mar 30, 2014
451
498
If 'Apple' would read 'Microsoft' this entire forum would come down on them like a ton of bricks...... Don't you think?

Actually, no. Apple is the new whipping boy.

But I do have to say that this is the possibly stupidest thread I've read in months. Unencrypted mail attachments is not a bug. I'd imagine the assumption is that if someone has physical access to an unlocked phone, then they're the USER, and they should probably be able to read their attachments. Oh, they're encrypted? Okay, then just launch the Mail app and open the attachment that way. That's the WHOLE POINT of GETTING AN ATTACHMENT. Oh my ****ing god...

Same on OS X. Attachments are saved to "~/Library/Mail Downloads", and if you have physical access to the logged-in machine, then you can read them. But don't bother going to the Mail Downloads folder, just launch the ****ing Mail app!!! Jeez, are people really that stupid? If you have access to a logged in phone or computer then you are implicitly assumed to be the user. That's why there's so much interest in biometrics, like Touch ID, since these offer a way to verify identity WITHOUT the use of consciously provided "information". The device needs to know who you are regardless of the information you provide. That's the only way we'll get any kind of security... If you're assumed to be the user, then you're assumed to have access to the data. Simple.
 

Porco

macrumors 68040
Mar 28, 2005
3,314
6,908
Encryption is important, so my views on this story are the following:

'K{0\?U(Y9*r|IidzFJTCAj}b@LW!zFDkA0b=3-7m/)m1ghW&]J@%?b?Z`k~Nbf5+h^*w<s1dL*D+hASTgSm46A}CWxD=adR:\fMvW0FyGvT'*Qk/wS4VC

I*x(BoiusqX]y#_)]BzE|n#pZ-Ci[YClNT'cu{"NKI/C7M_lXxSBq^ywz^*o[32M)YO6L<%u\c/.q*dFgF-I.in}1QXM#]fpBZdfbe,YjzM)LAJF3U.c/a4{_w[r,1`[d

I think that should clear it all up.
 

cppguy

macrumors 6502a
Apr 6, 2009
600
907
SF Bay Area, California
When you email an attachment it's not encrypted.

Exactly, the email itself is transferred from server to server without any encryption, leaving traces on dozens of computers during its way. There isn't even an envelope like in old-style mail. Email itself is a horribly bad 40-year old technology developed for 7-bit ASCII terminals.
 

Paddle1

macrumors 601
May 1, 2013
4,792
3,119
First, it's OS X, with a space, and that's pronounced "Oh-Ess-Ten", not "Oh-Ess-Ex" like so many newbs to the Mac like to say. Secondly, OS X never encrypts mail attachments on disk. What would be the point of just encrypting this type of file? The way to achieve disk-level encryption is to use FileVault, which encrypts the entire disk, protecting all files, not just mail attachments.

I'm curious if Apple intentionally left this feature turned off with mail attachments as a battery-saving tradeoff. Encryption and decryption is expensive. Since most attachments are not secured anyway (i.e. there's always at least two copies, one at the sender's side, one at the receiving side), what would be the point of encrypting them on disk? If a document is that sensitive, it should be password-protected or never sent by email anyway.

----------



For the FileVault-like encryption to happen, it still happens on a per-file basis, just through an API. Applications are responsible for employing that API, and clearly the Mail engineers didn't use it for attachments. They used the normal non-encrypted API.

Correcting people's grammar is against the rules. It's just the name of an operating system. There is no need to react so angrily just because he didn't put a space.

Either way, if you need access to the device to do this, then there won't be too much of a rush to fix it.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
I think the point is that there's a security issue and it should be fixed. Regardless of whether or not one person or many would be affected - if there's a flaw, and it CAN be fixed, it should be. This doesn't mean it should be screamed about as if the sky is falling - but I can't see the reason why anyone would speak negatively about the desire to get this fixed.

There is no security issue. This has been blown out of proportion first on theregister, then on slashdot, now here. The order is unusual :D

The only way someone can read these "unencrypted" email attachments is if the owner of the phone enters the passcode, which means he can now start the Mail application and read these "unencrypted" email attachments as intended, or enters the passcode, and connects the device to iTunes for backup purposes.

Since about the iPhone 3GS, all iDevices have hardware encryption which is permanently turned on, and without the passcode even the NSA is totally incapable of decrypting any of these "unencrypted" email attachments.

----------

For the FileVault-like encryption to happen, it still happens on a per-file basis, just through an API. Applications are responsible for employing that API, and clearly the Mail engineers didn't use it for attachments. They used the normal non-encrypted API.

You are wrong, wrong, wrong. _All_ files on iOS are encrypted. Always. Including these "unencrypted" emails. They cannot be read unless someone enters the passcode to the iPhone, and that is what happened: Someone entered the passcode and was surprised that you could read his emails. There are further encryption levels that can be used, but _every_ file without exception is encrypted.

----------

I don't care about vulnerabilities that require physical access to the device

Physical access to the device, PLUS knowledge of the passcode.

----------

Go download a copy of iExplore. Poof -- your entire phone in basically a Finder window. It's not hard at all. I had to buy a copy to get all of the music off of an old iPod.

Works with _your_ iPhone where you know the passcode and enter it. Doesn't work with _my_ iPhone if you steal it, because you don't have the passcode.

----------

Short answer: OS X handles file security differently from iOS. If you have FileVault turned on, you're fine.

On iOS, with 3GS or later, full disk encryption is turned on permanently. Passcode is needed.
 

VenusianSky

macrumors 65816
Aug 28, 2008
1,290
47
Physical access to the device, PLUS knowledge of the passcode.

? You don't need the passcode.

From article...
Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction
 

Traverse

macrumors 604
Mar 11, 2013
7,688
4,399
Here
First, it's OS X, with a space, and that's pronounced "Oh-Ess-Ten", not "Oh-Ess-Ex" like so many newbs to the Mac like to say.

Relax. I am aware that it is OS "10", but I'm typing on an iPhone 4S, so if you'll forgive my fingers, it would be much appreciated.

Also, I think that attachments should be encrypted on disk, they may contain sensitive information.
 

TWSS37

macrumors 65816
Feb 4, 2011
1,107
232
Oh noes... if someone steals my iPhone and then is using some not so easy technique to access the file system of my iPhone then navigating to my email folder can then read my email attachments......

Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:

OMG another poster rationalizing Apple security flaws!!!11 :rolleyes:
 

OhHaiThere

macrumors regular
Sep 8, 2011
143
0
USA
The flaw that if you know the passcode for a device, you can access the data stored on it? Well done! Revolutionary!

Vulnerabilities like this may seem innocent to you, but hackers use these opportunities to gain a lot of information. I'm sure the attachment on your phone doesn't matter, but certain corporation/government agencies' data can be extremely valuable.

The applications running on your phone don't need access to your passcode, by the way...
 

Omniver

macrumors member
May 6, 2011
40
4
Boston, MA
If my phone is not jailbroken, and has password protection on it, and has Lost my iPhone enabled, and the phone is locked, is it still possible to access the filesystem without a fingerprint or password? I highly doubt it. If I lost my iPhone I would check where it is, if I don't recognize the location, I'll just wipe it. Problem solved.

Yes, it is completely possible. The default iPhone file system encryption stores the encryption key in a manner where it can be retrieved from an unlocked device. It is encrypted to enable a fast remote wipe (by erasing that key off the device) NOT for data protection. From Apple: "Since all the keys needed to decrypt files in this class are stored on the device, the encryption only affords the benefit of fast remote wipe."

I'll say again: the default iOS encryption is not for implementing data security, it's to implement remote wipe.

Email attachments were supposed to be in a different encryption class, one where the key was stored in a way that it did indeed require an unlock.

----------

? You don't need the passcode.

Correct. You do not need the passcode.

----------

There is no security issue. This has been blown out of proportion first on theregister, then on slashdot, now here. The order is unusual :D

The only way someone can read these "unencrypted" email attachments is if the owner of the phone enters the passcode, which means he can now start the Mail application and read these "unencrypted" email attachments as intended, or enters the passcode, and connects the device to iTunes for backup purposes.

Since about the iPhone 3GS, all iDevices have hardware encryption which is permanently turned on, and without the passcode even the NSA is totally incapable of decrypting any of these "unencrypted" email attachments.

----------



You are wrong, wrong, wrong. _All_ files on iOS are encrypted. Always. Including these "unencrypted" emails. They cannot be read unless someone enters the passcode to the iPhone, and that is what happened: Someone entered the passcode and was surprised that you could read his emails. There are further encryption levels that can be used, but _every_ file without exception is encrypted.

----------



Physical access to the device, PLUS knowledge of the passcode.

----------



Works with _your_ iPhone where you know the passcode and enter it. Doesn't work with _my_ iPhone if you steal it, because you don't have the passcode.

----------



On iOS, with 3GS or later, full disk encryption is turned on permanently. Passcode is needed.


Sorry, all untrue. Please read the "File Data Protection" section here. Unless the developer has specifically placed the application data into a more protected data class (like Apple said they did with email attachments), nearly all the data is recoverable from a lost/stolen phone that hadn't been "remotely wiped" yet, even without the passcode.

Again: Apple iOS encryption is to enable fast remote wipe by deleting the device encryption key. If still on the device (e.g. not yet remotely wiped), this key can be retrieved without your passcode.
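
The per-file protection classes argued over in the posts above are something an app developer sets and can audit. The following is an added example, not code from this thread or from Apple's Mail app: it writes a file under `NSFileProtectionComplete` and lists files in a directory that are still in the `NSFileProtectionNone` class, using Foundation's `FileProtectionType` API. The function names and the choice of directory to scan are hypothetical.

```swift
import Foundation

// Added illustration; function names are hypothetical.

// Write data in the NSFileProtectionComplete class: the class key is protected
// with a key derived from the user's passcode and the device UID, so the file
// is unreadable while the device is locked.
func saveProtected(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

// Walk `root` and report regular files whose class is NSFileProtectionNone
// (class key protected with the device UID only, which gives fast remote wipe
// but no passcode protection) or that report no protection class at all.
func weaklyProtectedFiles(under root: URL) -> [(path: String, protection: String)] {
    let fm = FileManager.default
    var findings: [(path: String, protection: String)] = []
    guard let walker = fm.enumerator(at: root,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return findings
    }
    for case let url as URL in walker {
        let values = try? url.resourceValues(forKeys: [.isRegularFileKey])
        guard values?.isRegularFile == true else { continue }

        let attrs = try? fm.attributesOfItem(atPath: url.path)
        let cls = attrs?[.protectionKey] as? FileProtectionType
        if cls == nil || cls == FileProtectionType.none {
            findings.append((path: url.path, protection: cls?.rawValue ?? "unset"))
        }
    }
    return findings
}

// Move an existing file into the Complete class.
func upgradeProtection(atPath path: String) throws {
    try FileManager.default.setAttributes(
        [.protectionKey: FileProtectionType.complete], ofItemAtPath: path)
}
```

Run the audit from inside the app against its own container (for example its Documents directory) on a physical device with a passcode set; Data Protection is not in effect without a passcode.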
 

AppleScruff1

macrumors G4
Feb 10, 2011
10,026
2,949
Oh noes... if someone steals my iPhone and then is using some not so easy technique to access the file system of my iPhone then navigating to my email folder can then read my email attachments......

Probably this security flaw affects 0.0001% of iOS users but everyone will think "OMG another security flaw!!!11" :rolleyes:

But if it was Microsoft or Google with 0.0001% affected it would be a big deal, right?
 

macs4nw

macrumors 601
One of Apple's biggest problems is that they remain schtum.
People want some acknowledgement and feedback, this along with the regular changing of OS versions will prevent them from ever being the major force in enterprise.

According to the article, Apple has acknowledged the flaw, at least to Kurtz, but for them to immediately come out publicly and declare the problem, while not even having finished exactly diagnosing the vulnerability themselves, would be tantamount to issuing an invitation to hackers far and wide, to capitalize on the problem and create more problems for users, and by extension, for Apple.

There's little doubt, in my mind at least, that behind the scenes Apple is furiously working on plugging this hole.

This is all about iOS; not sure why you're bringing OS and enterprise share into this discussion.
 

apolloa

Suspended
Oct 21, 2008
12,318
7,802
Time, because it rules EVERYTHING!
Well this latest hole won't be patched for a while now, considering the iOS team has now been pulled to help the OSX team.....

Seriously Apple, sort your ***t out and hire some more coding staff! And fix your stupid security holes will ya! Apple is just as bad as Microsoft for security holes these days.
 

JAT

macrumors 603
Dec 31, 2001
6,473
124
Mpls, MN
First, it's OS X, with a space, and that's pronounced "Oh-Ess-Ten", not "Oh-Ess-Ex" like so many newbs to the Mac like to say.
I had my first Mac in 1985, and I say Ex. And I type it OSX.

It stopped being "version 10" a long time ago. You should consider Mavericks to be v19 of the overall Mac system, or OSX v10.
 