Skip to main content

iOS 7 bug leaves email attachments prey to hackers

A glaring bug in Apple’s iOS 7 mobile operating system has resulted in every email attachment sent on an iPhone or iPad being sent completely unencrypted, according to new disclosures.

According to the official support documentation provided by Apple, iOS provides data protection on all devices that offer hardware encryption -- specifically the iPhone 3GS and later, all iPads, and the third-generation iPod touch and later.

But security researcher Andreas Kurtz has discovered that iOS version 7.0.4 and later, including 7.1.1, has a bug that results in attachments not being encrypted.

Kurtz, who has reported on Apple’s security blunders in the past, said:

"I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction"

He added that Apple “responded that they were aware of this issue, but did not state any date when a fix is to be expected."

If you’re worried about your files being intercepted by hackers, make sure not to send them by email from any iOS device. Instead, send them from laptop.

Failing that, it's best to use some other secure cloud service like DropBox, or Apple’s own iCloud. This should ensure that your files are adequately encrypted from end to end.

Read more: A guide to blocking calls, texts and messages in Apple's iOS 7