Andreas Kurtz, a security researcher, has discovered that contrary to Apple's claims email attachments are not being encrypted in iOS 7.
Apple says that "Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications." While data protection does appear to be functioning for most data, Kurtz says its not working with email attachments.
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction
Kurtz was also able to reproduce the issue on an iPhone 5s and an iPad 2 running iOS 7.0.4. He reported the issue to Apple and they responded that they're aware of the problem but did not indicate when a fix would arrive.
Read More [via Charles]
Apple says that "Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications." While data protection does appear to be functioning for most data, Kurtz says its not working with email attachments.
I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction
Kurtz was also able to reproduce the issue on an iPhone 5s and an iPad 2 running iOS 7.0.4. He reported the issue to Apple and they responded that they're aware of the problem but did not indicate when a fix would arrive.
Read More [via Charles]