Apple's Mail app in iOS 7 is failing to encrypt email attachments, leaving user data vulnerable to hackers, a security researcher claims.
Andreas Kurtz posted his findings online, saying Apple's email app in the latest version of its iPhone and iPad software is not securing files that are attached to emails.
This makes the files readily available to anyone with the proper software. The researcher said he confirmed this by trying out a method on email stored in an iPhone 4 running the latest version of iOS 7.
He said he was able to find the device's email attachments unprotected, and he said he later confirmed the process on an iPhone 5s and an iPad 2. Advertisement "I found all attachments accessible without any encryption/restriction," Kurtz wrote.
This calls into question Apple's reputation for having secure software. It also seems to contradict an Apple Web page that explains the security of its iOS software. "Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode," the page says.
"This provides an additional layer of protection for your email messages attachments, and third-party applications." Kurtz said he notified Apple of the issue and wrote that Apple said it was aware of the problem. However, he said, the company did not say when it would be able to fix the problem.
Apple could not be reached for comment. Considering how long iOS 7 has been available and how sensitive the files that consumers send through email can be, Kurtz said he expects Apple to release an update that fixes the problem soon. But until then, Apple device owners may want to avoid using the Mail app in iOS 7 to send emails containing sensitive file attachments.
Users can turn to apps made by their email providers, such as Gmail or Yahoo. Users can also turn to third-party email apps, such as Mailbox or myMail.