Thursday, May 8, 2014

So you think you got an iPhone and it's 'of course' secure?

Even though Apple assures you that your phone is safe behind that four-digit passcode, you had better not trust it blindly. I recently discovered this mythbuster:

German security expert Andreas Kurtz proved that a lost or stolen iPhone is not as safe as the company suggests. Specifically, any hacker who manages to get their hands on your phone could pretty easily access your email attachments. Apple has been claiming for years that passcode-protected phones have a so-called extra security layer for emails and message attachments as well as third-party applications.

Andreas, from the independent security research firm NESO Labs, wrote about this iPhone security flaw in a post on his blog on April 23. Kurtz was able to restore an iPhone 4 with the latest versions of iOS (7.1 and 7.1.1), protect it with a passcode, and then access the iPhone's files simply by plugging the phone into a computer and using password-bypass software.
If someone got your iPhone and accessed the email attachment files on the device by plugging it into a computer, they should see only gibberish if they didn't enter the passcode to unlock the phone, according to Apple.

Instead of the gibberish of encrypted files, he said he was able to access unencrypted email attachment files stored on the phone.

Kurtz was able to replicate this same process on an iPhone 5s and an iPad 2, both running iOS 7.0.4, and he found the problem was affecting POP, IMAP and ActiveSync email accounts.

Kurtz says in his blog post that Apple told him it is aware of the problem. According to CNN Money, Apple "plans to fix the issue in a future update."

Still, this security loophole could be a big issue for corporate and government users of iOS devices.

CNN Money reports the problem might not affect newer devices, which don't allow computers to access raw files. Whether or not you can access these files, however, the security flaw is still present on all devices.
