There's A Bug In The iPhone Email App That Could Put Your Attachments At Risk, Researcher Claims

Advertisement

apple iphone

Justin Sullivan/Getty Images

A security researcher is claiming that the Mail app in iOS 7 isn't encrypting email attachments despite what it says on Apple's support page.

Advertisement

Andreas Kurtz detailed the bug in a post on his personal blog, which was first spotted by ZDNet.

Kurtz said he verified the issue after restoring an iPhone 4 to the most recent versions of Apple's mobile software, iOS 7.1 and iOS 7.1.1 and setting up an IMAP account.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

This provided him with some test emails, Kurtz wrote, and after a bit of digging, he realized that all attachments were accessible without having to get past an encryption key.

The security researcher said he was able to reproduce the problem on an iPhone 5s and an iPad 2 running iOS 7.0.4. He reported the issue to Apple, which responded confirming that it is aware of the bug. The company didn't mention when a fix is to be expected, however.

Advertisement

Apple's support page says that its Mail application encrypts email attachments and that its data protection feature "provides an additional layer of protection for your email messages attachments, and third-party applications."

Encryption for email attachments is especially important for those who use their iPhones for professional or corporate email accounts. Encryption is what protects the text in those attachments from being read by hackers who may intercept the message.

A string of code is used to replace plain text while it's being transmitted between servers, ensuring that sensitive information won't be revealed. For example, encryption could translate a message as simple as "Hello!" to a hashed code like "F#h7er" before it reaches its recipient.

Considering that the iPad accounted for 91.4% of all enterprise tablet activations in Q4 2013, as a study from mobile enterprise software provider Good Technology shows, it could be a serious problem for the platform if left unaddressed.