Apple Removed Encryption Protection for Email Attachments, Researcher Says
Posted on May 3, 2014
The tech giant withheld safeguards from parties seeking access to users’ email attachments in the latest versions of its operating system for the iPad and iPhone, contrary to claims made on its website, an independent security research firm based in Germany reports.
NESO Labs CEO Andreas Kurtz explained in an April 23 blog post that Apple’s still visible statement that data protection “provides an additional layer of protection for email messages attachments” for “iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later)” was determined false by an inspection he performed. Kurtz was able to access all email attachments without encryption or restriction, using “well-known techniques,” he wrote on his blog.
Kurtz told Apple of the issue and went public when it failed to commit to fixing it. SCMagazineUK.com reports that he told the publication via email: “My repeated queries were responded with default replies only, stating either that they were aware of that issue or that they were still investigating this issue, up to today. As iOS 7.1.1 was released without fixing this bug, I decided to disclose details on it.”
Apple’s history of granting the National Security Agency access to users’ personal information, once presumed to be private, is well documented. Observers are left to wonder whether the company omitted protections from its latest updates to give the agency easier access to the details of American and international users’ personal and business communications.
—Posted by Alexander Reed Kelly.