As always, if someone has physical access and unlimited time, no device or computer is safe.
Also, Mailbox.app only supports GMail. Security minded people are obviously not the target market.
(edited to make my point more clear :)
When the device is locked the file is encrypted and cannot be easily retrieved with a USB cable and a file explorer. An app that does not properly secure its files is readable even when the device is locked.
Whether users pick appropriate passwords is another matter entirely.
>if someone has physical access and unlimited time There is no such thing as unlimited resources.
If I had unlimited time I could crack every encrypted message on the planet.
Using DPAPI turns a 30 second hack into an online cracking job. The crypto processor in the iPhone can only check one password every ~80ms and you need the chip with you. An attacker cannot do an offline attack.
All this stuff can be kludged onto email, but the attitude should be "unless I've taken measures to add security this thing is not secure".
I wasn’t suggesting it shouldn’t be. My point is that the article’s headline is overly dramatic: Mailbox.app is not a complete security failure because of one hack that requires physical access. Given that Mailbox only supports GMail, I’d be more worried to put my email in Google’s hands than worrying over someone grabbing my phone out of mine.
“Mailbox is BIG. We are not talking of an average app here!”
Mailbox.app is a free app that has been downloaded a couple of million times, I wouldn’t call it “BIG” yet. It’s very new, it’s still on version 1, so it’s not expected to be perfect.
Given physical access and "unlimited" time (i.e. no more than a million human lifetimes, say), then certainly an attacker can gain access to the device and make it do what he wants.
However, if the data on the device is securely encrypted, then physical access and (reasonable) time doesn't matter. He won't be able to get at the data.
In other words, this is the expected behaviour when your phone is unlocked.
See: https://developer.apple.com/library/ios/documentation/Cocoa/...
This article just helps compound the idea that that trust might be a little misplaced....
I'm back to Sparrow now (which doesn't do push) and quite happy: Mail.app tells me I have a new message, then I process my emails in Sparrow.
If you jailbreak the phone you can access all non protected data.
iOS Mail app uses DAPI correctly. For push mail when the phone is locked it will use a public key to encrypt the data.
I am unsure if even the Gmail app uses it correctly, I only tested the stock mail app.
If you have the an escrow key pair (ie. synced to iTunes) your are screwed. If should do a DFU mode restore to wipe the keybag completely.
Citation needed.
Then, even if the device is later locked, they can bulk copy unencrypted files using tools like iExplorer, and browse at their leisure.
It's funny how some business class apps store usernames and passwords in clear text in their app sandboxes.
If you can unlock the phone, you've almost certainly already lost here.
I think most devices paired with an ActiveSync (Exchange, GMail) account are required to use lock codes.
The argument that 'once you've lost the phone you've lost the data anyway' isn't really fair. If a passcode is being used, data marked as being a security concern is protected with the passcode. A 4 digit code is trivial to brute force, yes, but the point is that it should be done anyway.
Using iExplorer to find files is a lot easier than loading a custom bootloader on to the phone, booting custom firmware, brute forcing the passcode and decrypting the files. If anything, the extra time will raise the chance that you can get to a computer and initiate a remote-wipe.
I have not tested with a new 6.1.3 device yet, but if true, this would be a very serious security regression.
How about that, huh ?
