German security expert Andreas Kurtz, with NESO Security Labs, has posted an entry to his personal blog claiming that the latest version of iOS 7.1.1 (and older versions 7, 7.0.4 and 7.1) does not encrypt email attachments. If true, the revelation would run contrary to what Apple has been advocating on its website, that iOS “provides an additional layer of protection for (..) email messages attachments.”
Kurtz describes how he hacked an iPhone in his possession, using what he describes as “well known techniques” and was able to gain access to email folders. Once that was accomplished, he found that he could read email attachments as none of them were encrypted. Kurtz says that he notified Apple about his discovery and was told that the company knew about the problem and was working on it but didn’t give him a timeframe for when it might be fixed.
To be fair, the flaw is likely only going to be a problem for people who use their phone for sending sensitive attachments—also a would be hacker would have to gain physical access to the phone and would have to have the user’s pass-code as well or a jailbreak of some sort.
Read more at: Phys.org