iOS 7 Not Encrypting Email Attachments Properly

If you’re an iOS user who uses their emails to send encrypted attachments often, or need that kind of security for your job, it seems that you might want to consider putting a stop on sending emails from your phone, at least for now. This is because of a bug in iOS 7 which apparently no longer encrypts email attachments.

This is despite the “Data Protection” feature for iOS 7 being enabled, it has been discovered by security researchers that it no longer seems to be functioning and is no longer properly encrypting data. According to researcher Andreas Kurtz, he tested this out and he “verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments.”

He later managed to access the system and navigated to the actual email folder, where he found that the files in there were not encrypted at all. This issue has since managed to be reproduced on devices like the iPhone 5s and the iPad 2, both of which are running on iOS 7.0.4, so it does not look like the issue is device-specific. Apple has since responded to Kurtz and acknowledged that they are aware of the problem.

However Apple did not provide any timeframe as to when we might be able to look forward to an update that will fix this issue. Thankfully it seems that despite the files not being encrypted, it cannot be harvested remotely, meaning that the only way someone will be access your unencrypted email attachments is by getting their hands on your phone itself and using Kurtz’s method.

Tyler Lee
Categories: Apple
Tags: iOS 7, Security