iOS 7 Email Attachments Not Encrypted
Security researcher Andreas Kurtz recently discovered a vulnerability in Apple’s Data Protection technology that leaves email attachments downloaded by iOS 7’s Mail application unprotected. Simply put, Data Protection enhances Apple’s hardware encryption by securing the hardware encryption keys with your unique passcode. The irony is that Apple has specifically noted that this Data Protection technology provides an extra layer of protection for users’ email messages, attachments and third-party applications.
Considering when iOS 7 was released, one would expect a company like Apple to patch such an issue a lot faster. Apple has confirmed that it knows about this vulnerability and said that it is working on a fix; unfortunately, the fix was not included in the recently released iOS 7.1.1 update.
How Data Protection Works
Data Protection ensures that if a bad guy gets physical control of your device, he won’t be able to access protected files without entering your passcode, even if he succeeds in bypassing the remaining security of the iOS device. This is particularly useful for preventing attackers from decrypting offline a copy of your entire file system extracted from your device. If you do not enable Apple’s Data Protection technology by establishing a passcode, your iOS file system encryption is easier for hackers to bypass.
Setting a passcode enables additional hardware security for your device to protect against unwanted physical connections. It encrypts app data storage with your passcode and a hardware key, which are unique to your device and almost impossible to circumvent. Even if somebody had a full copy of your file system, he would need to brute-force these two codes together to access your files, which is practically impossible. In fact, if you set up a passcode longer than 6 to 8 characters, it becomes almost impenetrable. Leaving this vulnerability aside, Apple’s Data Protection is extremely effective, although older devices (those before the iPhone 4S and iPad 2) lack some of the special hardware and are more vulnerable.
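A simplified model of the key arrangement described above, added here as an illustration; it is not Apple’s implementation or code from the original article. PBKDF2 and the HMAC-based toy cipher are stand-ins assumed for this sketch, and the keys, passcode and file contents are constructed. It shows why a file left outside passcode protection is readable on the device without the passcode, while a passcode-protected file is not.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # assumed work factor, for this model only

def derive_key(device_key, passcode=None):
    """Return a key bound to the device alone, or to device + passcode."""
    if passcode is None:
        return hmac.new(device_key, b"device-only", hashlib.sha256).digest()
    # The device key is the salt, so a guess needs both secrets together.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, ITERATIONS)

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Toy authenticated encryption (stand-in for AES): nonce | ciphertext | tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def simulate():
    """What is readable with file-system access but no passcode."""
    device_key = os.urandom(32)  # constructed; stands in for the hardware key
    message = seal(derive_key(device_key, "correct horse"), b"mail body")
    attachment = seal(derive_key(device_key), b"attachment.pdf bytes")
    # On-device access can use the device key, but the passcode is unknown.
    no_passcode = derive_key(device_key)
    return {
        "message": unseal(no_passcode, message),
        "attachment": unseal(no_passcode, attachment),
        # A copied file system examined without the device key.
        "offline_copy": unseal(derive_key(os.urandom(32)), attachment),
    }

if __name__ == "__main__":
    print(simulate())
```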
Limitations of the Vulnerability
Although Kurtz says that he was able to get access to the file system using well-known techniques, these techniques require serious technical knowledge, and most of the tools are compatible only with the iPhone 4 and earlier. Moreover, keep in mind that the culprit would need full physical access to the device to exploit this vulnerability, so this isn’t the kind of issue that could be used widely via malware or a network connection.
The attacker would need either your passcode, which means that he already has access to everything, or a jailbreak that works without your passcode and grants him access to your file system. That’s probably how Kurtz was able to attack an iPhone 4: by using a jailbreak. However, it is not clear how he reproduced the issue on an iPhone 5S and an iPad 2 running iOS 7.0.4, as up-to-date devices running iOS 7 do not succumb to a jailbreak without the passcode. It must be that Kurtz had already jailbroken those devices, so they were less protected than a normal device. This bug indicates that email attachments are not yet encrypted on those devices, but there isn’t an easy way to get to them.
Unless you receive extremely important information in email attachments and might be targeted in person by those interested in your data, you shouldn’t worry much here. However, those still relying on the iPhone 4 should be alert, as email attachment data on those devices could be exposed if an attacker were to gain physical access to the device.