iPhone Bug Leaves Emails Vulnerable - kcentv.com - KCEN HD - Waco, Temple, and Killeen

iPhone Bug Leaves Emails Vulnerable

Posted: Updated:

(CNN) -- German security expert Andreas Kurtz has discovered that anyone in possession of your Apple device might be able to access files sent to you via email, even if your phone is locked with a passcode.

It's a major security flaw, but it's worse for people with older iPhones and iPads. It's less bad for folks with newer ones.

Since the release of the iOS 4 software in 2010, Apple has assured customers that files are guarded with an added layer of security. When you lock your phone, the email attachments in your phone are supposed to be individually locked too. Here's why: Even if hackers manage grab your phone, hook it up to a computer and bypass the passcode that locks your entire device, they still aren't supposed to be able to read the files. Email attachment files are a jumbled mess of letters and numbers unless you unlock the whole phone.

But that's not actually happening, Kurtz found. The files aren't encrypted that way. He was able to plug an iPhone 4 into a computer, go around the passcode and see those files.

There are several methods available to hackers allowing them to access an iPhone's files even when it is locked and protected with a passcode. In theory, those files should be encrypted -- appearing as a jumbled mess of numbers and letters. But Kurtz found that email attachments aren't, in fact, encrypted. Kurtz was able to access email attachments on a locked iPhone 4 -- just by plugging it into a computer and using some passcode-bypassing software.

Importantly, that method won't work on newer devices, because they don't allow computers to access raw files. But the software flaw is still present on new devices, such as the iPhone 5S and iPad 2. That means that if hackers figure out how to reach those files, they'll find them unencrypted.

Kurtz, the co-founder of NESO Security Labs in Heilbronn, Germany, tested for the flaw in an iPhone 4, iPhone 5s and iPad 2. He first reported the findings on his personal blog on April 23.

Kurtz said he reached out to Apple and the company told him it was already aware of the problem. But when the company issued a software update to iOS 7.1.1 and did not include a fix, Kurtz posted his findings.

"Considering the long time iOS 7 is available by now and the sensitivity of email attachments many enterprises share on their devices, I expected a near-term patch," he wrote.

Apple told CNN it plans to issue a fix in a future software update, but the company would not say when that would happen.

  • Latest NewsMore>>

  • Police Chief Says 'Irreconcilable Differences' with Mayor Over PD Led Him to Quit

    Police Chief Says 'Irreconcilable Differences' with Mayor Over PD Led Him to Quit

    Thursday, July 24 2014 6:43 PM EDT2014-07-24 22:43:54 GMT
    (KCEN) – Officer Michael Lugo revealed his reasoning to KCEN Thursday following his resignation as interim police chief in Little River-Academy. Lugo, formerly the town's reserve police officer, stepped down Wednesday after less than two weeks on the job as chief.More >>
    (KCEN) – Officer Michael Lugo revealed his reasoning to KCEN Thursday following his resignation as interim police chief in Little River-Academy. Lugo, formerly the town's reserve police officer, stepped down Wednesday after less than two weeks on the job as chief.More >>
  • Minnesota Man Says Southwest Removed His Family Over Tweet

    Minnesota Man Says Southwest Removed His Family Over Tweet

    Thursday, July 24 2014 5:51 PM EDT2014-07-24 21:51:52 GMT
    A Minnesota man refuses to fly on Southwest Airlines after he says his family was briefly removed from their flight over a critical tweet. Duff Watson was boarding as a priority flyer with Southwest when an agent refused to allow his two children, ages 6 and 9, who had later boarding times, to board with him, according to NBC's affiliate KARE. Watson said he warned the agent that he'd tweet about the incident, which he did. "RUDEST AGENT IN DENVER. KIMBERLY S. GATE C39. NOT HAPP...More >>
    A Minnesota man refuses to fly on Southwest Airlines after he says his family was briefly removed from their flight over a critical tweet. Duff Watson was boarding as a priority flyer with Southwest when an agent refused to allow his two children, ages 6 and 9, who had later boarding times, to board with him, according to NBC's affiliate KARE. Watson said he warned the agent that he'd tweet about the incident, which he did. "RUDEST AGENT IN DENVER. KIMBERLY S. GATE C39. NOT HAPP...More >>
  • Survivor: 'I was so scared' in Tornado that Killed 2 at Campground

    Survivor: 'I was so scared' in Tornado that Killed 2 at Campground

    Thursday, July 24 2014 5:43 PM EDT2014-07-24 21:43:39 GMT
    (CNN) -- The voices in the video tell the story."Something crazy is going on outside," a woman shouts. "I'm scared."Moments later, the same voice yells that a tree has fallen and another says, "It's on that guy's camper."Overturned campers, downed treesThe footage posted on the website of CNN affiliate WAVY came from the Cherrystone Family Camping Resort on the Chesapeake Bay in Virginia, where a tornado on Thursday toppled campers and sent trees crashing onto vehicles.State Police spokeswoma...More >>
    (CNN) -- The voices in the video tell the story."Something crazy is going on outside," a woman shouts. "I'm scared."Moments later, the same voice yells that a tree has fallen and another says, "It's on that guy's camper."Overturned campers, downed treesThe footage posted on the website of CNN affiliate WAVY came from the Cherrystone Family Camping Resort on the Chesapeake Bay in Virginia, where a tornado on Thursday toppled campers and sent trees crashing onto vehicles.State Police spokeswoma...More >>
Click for Local Doppler Radar
Powered by WorldNow
All content © Copyright 2000 - 2014 WorldNow and KCEN. All Rights Reserved. Users of this site agree to the Terms of Service, Privacy Notice/Your California Privacy Rights, and Ad Choices.