Menu
iOS 7.0, iOS 7.0.4, iOS 7.1 now can be done!!!

iOS 7.0, iOS 7.0.4, iOS 7.1 now can…

Almost last minute breaki...

Angry Birds in a new form the RPG game

Angry Birds in a new form the RPG g…

After using charakteru fr...

Installing Windows 8.1 from USB stick

Installing Windows 8.1 from USB sti…

Windows 8.1 was released ...

Open links in the Windows 8.1 desktop Internet Explorer mode every time

Open links in the Windows 8.1 deskt…

When using Windows 8 in d...

How to run the data deduplication on Windows 8 and Windows 8.1

How to run the data deduplication o…

All known data de-duplica...

SD card with Wi-Fi interface

SD card with Wi-Fi interface

There are many devices an...

Windows Phone 8.1 is comming

Windows Phone 8.1 is comming

Operating system Windows ...

Micrososft product activation via Active Directory not KMS

Micrososft product activation via A…

If anyone ever looked for...

Setting up your own domain name in the Outlook.com mail service

Setting up your own domain name in …

Few people realize how mu...

Windows 8.1 update is here

Windows 8.1 update is here

Almost everyone who heard...

Prev Next

iOS7 e-mails are not properly protected

iOS7 e-mails are not properly protected

A few weeks ago it was discovered that e-mail attachments supported within MobileMail.app in iOS7 are not adequately protected by the data protection mechanisms in Apple devices.

Long time ego during the reign of the iPhone 3G also hard discussed was the lack of data security. Then it turned out that after resetting, the old data can still be recovered and more with quite a small amount of work. Of course, both then and now, is contrary to the assumptions of data protection as the appropriate publication of Apple reads:

" Provides an additional layer of protection for ( ..) e-mail messages attachments ."

To verify the existence of this error just get to the device using well-known techniques using DFU mode, custom ramdisk and SSH via usbmux. Then simply mount the data partition only as iOS and go to the folder that contains the e-mails, there you will find attachments to them. Anyone can now indignant and say that this is small gap and that we always have a phone with us. And what do you say when that data will be available even after formatting the device as soon as I re- add a email address. Interesting is also the fact that they are totally unencrypted data:

# Mount_hfs / dev/disk0s1s2 / mnt2

# Cd / mnt2/mobile/Library/Mail 

# XXD IMAP-MY_MAILADDRESS/INBOX.imapmbox/Attachments/4/2/my_file.pdf

0000000 : . 2550 4446 2D31 2e34 0a25 81e2 81e3 81cf % PDF - 1.4 % ......

0000010 : 81d3 5c72 0a31 0a3c 2030 206F 626a 3c0a .. \ R1 0 vol . << .

0000020 : 2f43 7265 696f 6e44 6174 6174 6520 2844 / CreationDate (D

0000030 : 3a32 3031 3330 3830 3532 3034 3830 3329 : 20130805204803 )

0000040 : 0a2f 4d6f 6444 6174 6520 2844 3a32 3031 / moddate (D: . 201

0000050 : . 3330 3830 3532 3034 3830 3329 5469 3080 0a2f 5204803 ) / Ti

0000060 : 746C 6520 2852 2047 7261 7068 6963 7320 TLE ( R Graphics

0000070 : 4f75 7470 290a 2f50 7574 726f 6475 6365 Output ) / products.

0000080 : . 7220 2852 2033 2e30 2e31 2f43 7265 290a (R 3.0.1 ) / Cre

0000090 : . . 6174 2028 5229 6f72 0a3e 3e0a 656e 646f ator ( R ) >> endo

To verify that actually protect data on the device is active , you may be tempted to gain access to protected file index ( database of e- mail ). As expected, the access to this file is not allowed.

# Xxd Protected \ Index

xxd : Protected Index: Operation not permitted

 

The problem  has been reported to Apple and they replied that they are aware of the problem but can not give any date when a fix for this bug will be released. It is worth knowing that almost all major types of mail handling  POP , IMAP, and ActiveSync are vulnerable.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.



Uzupełnij układankę ;-)Joomla CAPTCHA
back to top

HDT@