Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 7 Update Silently Removes Encryption For Email Attachments

Posted by timothy on from the giveth-and-taketh-away dept.

An anonymous reader writes "Apple has removed encrypted email attachments from iOS 7. Apple said back in June 2010 in regards to iOS 4.0: 'Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications.' Not anymore."

5 of 68 comments (clear)

  1. Old. Needs an update. by Anonymous Coward · · Score: 3, Informative

    This 'news' is about a week or two old. Apple already issued a statement acknowledging the situation and is looking into it.
    Will probably fixed with an update.

    1. Re:Old. Needs an update. by Anubis+IV · · Score: 3, Informative

      The storage of the iPhone is always encrypted. In order to access any files, you must supply the encryption key. He supplied the key and could read the files.

      From what I understand, that's actually not what's happening here, and that's the problem. He was able to simply mount the disk and gain access to the files, without having to supply an encryption key. In contrast, the messages themselves were encrypted, just as you'd expect. More or less, it turns out that not everything that's stored on the iPhone is actually being encrypted.

  2. Title is Misleading by Anonymous Coward · · Score: 5, Informative

    The encryption for email attachment was not removed, it was never present.

    It's not nefarious, it's incompetent.

    Read the original (shorter!) post (http://www.andreas-kurtz.de/2014/04/what-apple-missed-to-fix-in-ios-711.html) instead of the rehashed ad-selling copy.

  3. Again a clueless article... by gnasher719 · · Score: 4, Informative

    Fact is, you can't read the data on a locked iPhone. You _can_ read the data if you, as the owner, unlock the iPhone, for example for backing it up. But if the NSA gets your locked phone into their hands, there's nothing that they can do. All the data is _always_ read and written using hardware decryption.

    In addition, apps can use further encryption on a per-file basis. Mail does that for most files, but apparently not for attachments. Additional encryption means for example that entering the key code is needed again for that kind of file. But files without that additional encryption still can't be read.

    What the guy is complaining about is like sending unencrypted data over https, or putting unprotected documents into an unbreakable safe.

    1. Re:Again a clueless article... by Anonymous Coward · · Score: 3, Informative

      Do a little googling... It seems Apple bypasses the OS to read the encrypted data directly, then does a brute-force attack on the passcode. Most people use a 4 digit numerical passcode, and very very few use more than 8 alphanumeric digits so brute forcing is usually a matter of minutes. There are third-party forensics tools that can do the same, but most police departments aren't up to speed and have an easier time just shipping the device+warrant to Apple and waiting a few weeks. Your data is only as safe as the password you lock it with...