
What Apple Missed to Fix in iOS 7.1.1

SmirGel

 

 


A few weeks ago, I noticed that email attachments within the iOS 7 MobileMail.app are not protected by Apple's data protection mechanisms. Clearly, this is contrary to Apple's claims that data protection "provides an additional layer of protection for (..) email messages attachments".

I verified this issue by restoring an iPhone 4 (GSM) device to the most recent iOS versions (7.1 and 7.1.1) and setting up an IMAP email account¹, which provided me with some test emails and attachments. Afterwards, I shut down the device and accessed the file system using well-known techniques (DFU mode, custom ramdisk, SSH over usbmux). Finally, I mounted the iOS data partition and navigated to the actual email folder. Within this folder, I found all attachments accessible without any encryption/restriction:

# mount_hfs /dev/disk0s1s2 /mnt2
# cd /mnt2/mobile/Library/Mail/
# xxd IMAP-MY_MAILADDRESS/INBOX.imapmbox/Attachments/4/2/my_file.pdf
0000000: 2550 4446 2d31 2e34 0a25 81e2 81e3 81cf %PDF-1.4.%......
0000010: 81d3 5c72 0a31 2030 206f 626a 0a3c 3c0a ..\r.1 0 obj.<<.
0000020: 2f43 7265 6174 696f 6e44 6174 6520 2844 /CreationDate (D
0000030: 3a32 3031 3330 3830 3532 3034 3830 3329 :20130805204803)
0000040: 0a2f 4d6f 6444 6174 6520 2844 3a32 3031 ./ModDate (D:201
0000050: 3330 3830 3532 3034 3830 3329 0a2f 5469 30805204803)./Ti
0000060: 746c 6520 2852 2047 7261 7068 6963 7320 tle (R Graphics
0000070: 4f75 7470 7574 290a 2f50 726f 6475 6365 Output)./Produce
0000080: 7220 2852 2033 2e30 2e31 290a 2f43 7265 r (R 3.0.1)./Cre
0000090: 6174 6f72 2028 5229 0a3e 3e0a 656e 646f ator (R).>>.endo

To verify that data protection was actually enabled, I also tried to access the Protected Index file (email message database). As expected, access to that file was not permitted.

# xxd Protected\ Index
xxd: Protected Index: Operation not permitted

Note: I was also able to reproduce this issue on an iPhone 5s and an iPad 2 running iOS 7.0.4.

I reported these findings to Apple. They responded that they were aware of this issue, but did not state any date when a fix is to be expected. Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices (fundamentally relying on data protection), I expected a near-term patch. Unfortunately, even today's iOS 7.1.1 did not remedy the issue, leaving users at risk of data theft. As a workaround, concerned users may disable mail synchronization (at least on devices where the bootrom is exploitable).

¹ It turned out that POP or ActiveSync email accounts behave the same way.

 

http://www.andreas-kurtz.de/2014/04/what-apple-missed-to-fix-in-ios-711.html

 

this is older news but related: http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone/

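Added example (not part of the original post or the quoted article): a small Python audit that repeats the check described above over a whole mounted mail directory, reporting which files can be read and which are refused the way `Protected Index` was. The magic-byte list, function names and the sample tree in `demo()` are assumptions made for illustration, and the EPERM on `Protected Index` is simulated there.

```python
import errno
import os
import tempfile

# Magic bytes for a few common attachment types (constructed list, extend as needed).
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip/ooxml", b"\xff\xd8\xff": "jpeg", b"\x89PNG": "png"}

def classify(path, opener=open):
    """Return ('protected', None) if the read is refused, else ('readable', type)."""
    try:
        with opener(path, "rb") as fh:
            head = fh.read(8)
    except OSError as exc:
        # Same failure the post shows for "Protected Index": Operation not permitted.
        if exc.errno in (errno.EPERM, errno.EACCES):
            return ("protected", None)
        raise
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return ("readable", kind)
    return ("readable", "unknown")

def audit(root, opener=open):
    """Walk a mounted mail directory and map relative path -> classification."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(full, opener)
    return report

def demo():
    """Constructed sample tree; the EPERM on 'Protected Index' is simulated."""
    def locked_open(path, mode):
        if os.path.basename(path) == "Protected Index":
            raise PermissionError(errno.EPERM, "Operation not permitted", path)
        return open(path, mode)
    with tempfile.TemporaryDirectory() as root:
        att = os.path.join(root, "INBOX.imapmbox", "Attachments", "4", "2")
        os.makedirs(att)
        with open(os.path.join(att, "my_file.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4\n%constructed sample\n")
        with open(os.path.join(root, "Protected Index"), "wb") as fh:
            fh.write(b"\x00" * 16)
        return audit(root, locked_open)

if __name__ == "__main__":
    for path, (state, kind) in sorted(demo().items()):
        print(f"{state:10} {kind or '-':8} {path}")
```

Any attachment listed as `readable` on an image taken from a powered-off, passcode-locked device is one that data protection did not cover.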

iOS isn't bad, but this is why I use Android. If something isn't fixed, you can fix it.


"What OP missed to do before posting new topic"

Search and realize this is a repost

http://linustechtips.com/main/topic/148879-ios-7-not-securing-emails-leaves-users-vulnerable/#entry198914

Selling my parts of my 900D rig for a jacked up Ncase M1. PM me for offers if interested (will take some reasonable-low offers because I'm desperate).

Parts that I'm selling: 900D (1 slot cover broken for stealth DVD drive mod) | Asus Z87 Deluxe | Cooler Master 212 Evo | Corsair 4x2GB black ram @1600mhz | EVGA 1000G2 PSU (2 cables with missing heat shrink) | DVD drive | HP membrane keyboard | Ducky Shine 3 YOTS in blue switches (warranty sticker broken)


Sorry if trying to sound mean, but I have seen so many reposts these last two weeks it's really unbearable.
