Apple aware of iPhone OS 3.0 e-mail security bug

Posted in iPhone, edited January 2014
The act of deleting an e-mail within iPhone OS 3.0 isn't enough to destroy its contents, and Apple is reportedly aware of the flaw and could be working on a fix.



Citing a source within Apple, Gizmodo stated that the fix will likely come in iPhone OS 3.1 for the iPhone and iPod touch. The problem, first discovered by Cult of Mac, happens when a user attempts to delete an e-mail. Even after the Mail application's trash is emptied, the message and all of its contents are still accessible through the phone's Spotlight search feature.



To test the flaw, delete a message within the iPhone's Mail software. Remove it from the trash, and check your mail server to ensure it's erased. Then, search for the subject line of the message in Spotlight, where, in many cases, the entire message can still be read.



While some reports allege both IMAP and POP accounts are affected, a number of AppleInsider readers have commented that IMAP accounts are in fact not vulnerable to the Spotlight bug.



"As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw," John Herrman writes for Gizmodo.



The site's internal tipster doesn't give any certainty, though, only saying Apple will "probably" include a fix in the upcoming iPhone OS update.



Matt Janssen created a video to demonstrate the security flaw. In it, he said that he has been able to find e-mails that are "over three or four months old." He shows off the bug on a second-generation iPod touch using software 3.0, and pulls up a deleted message from June. When he opens the mail through Spotlight, Mail crashes at first, but on a second attempt the message opens in the mail inbox as message "1 of 0."



"These messages are still on the iPod somewhere, even after you delete them, but you can't find them without searching for them," Janssen said. "Like I said, this is a security issue, a bug, and hopefully Apple will fix it in some later releases."



Spotlight search is a new feature of the latest iPhone software, released in June. It offers global search capabilities, which enable users to quickly find apps, notes, e-mails, calendar events, contacts, music and other media files.
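
The failure class reported above, sketched as an added example that is not from the article, Apple or any of the sites cited: a mailbox with a separate search index, where one delete path forgets the index and an audit finds what is left behind. The class and method names are hypothetical, and the assumption that the search side keeps its own copy of the message is this sketch's, not a confirmed description of Mail or Spotlight.

```python
# Toy model only: hypothetical names, not Apple's Mail or Spotlight code.

class MailStore:
    def __init__(self):
        self.messages = {}  # message id -> (subject, body): the mailbox itself
        self.index = {}     # lowercase word -> set of message ids
        self.cache = {}     # message id -> (subject, body): copy held for search

    def receive(self, msg_id, subject, body):
        self.messages[msg_id] = (subject, body)
        self.cache[msg_id] = (subject, body)
        for word in (subject + " " + body).lower().split():
            self.index.setdefault(word, set()).add(msg_id)

    def delete_store_only(self, msg_id):
        """Delete from the mailbox but leave the search side untouched."""
        self.messages.pop(msg_id, None)

    def delete_everywhere(self, msg_id):
        """Delete from the mailbox and purge the index and its cached copy."""
        self.messages.pop(msg_id, None)
        self.cache.pop(msg_id, None)
        for word in list(self.index):
            self.index[word].discard(msg_id)
            if not self.index[word]:
                del self.index[word]

    def search(self, term):
        """Return the cached (subject, body) of every indexed hit, by id."""
        ids = self.index.get(term.lower(), set())
        return [self.cache[i] for i in sorted(ids) if i in self.cache]

    def orphaned_ids(self):
        """Audit: ids still searchable although the mailbox no longer has them."""
        indexed = set().union(*self.index.values())
        return sorted((indexed | set(self.cache)) - set(self.messages))


def demo():
    store = MailStore()
    # Constructed sample messages.
    store.receive(1, "Payroll login", "temporary password inside")
    store.receive(2, "Lunch", "noon on friday")
    store.delete_store_only(1)           # user "deletes" message 1
    leaked = store.search("payroll")     # still readable through search
    orphans_before = store.orphaned_ids()
    store.delete_everywhere(1)           # purge that includes the index
    return leaked, orphans_before, store.search("payroll"), store.orphaned_ids()
```
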




Comments

  • Reply 1 of 40
    chronster Posts: 1,894 member
    If there's no restore function for old files then why didn't they program the phone to actually delete the file? Something's stinky here. Like they made it so if it's needed, the GOVERNMENT could pull up all your activity on the phone and analyze your behavior!



    THE GOVERNMENT MAN!



    Or it could be just a meaningless glitch that some people will make too big of a deal out of. If anything, they should exploit the glitch, and allow people to actually search all their past emails. There's been a few times on my phone that I wish I hadn't deleted an email.
  • Reply 2 of 40
    MacPro Posts: 19,727 member
    Quote:
    Originally Posted by chronster


    If there's no restore function for old files then why didn't they program the phone to actually delete the file? Something's stinky here. Like they made it so if it's needed, the GOVERNMENT could pull up all your activity on the phone and analyze your behavior!



    THE GOVERNMENT MAN!



    Or it could be just a meaningless glitch that some people will make too big of a deal out of. If anything, they should exploit the glitch, and allow people to actually search all their past emails. There's been a few times on my phone that I wish I hadn't deleted an email.



    I'd settle for an option to secure delete if required or just delete and the latter with a find in trash and restore option. I assume the wipe when lost function is a secure wipe.
  • Reply 3 of 40
    crees! Posts: 501 member
    Quote:

    "As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw."



    No, Spotlight is just that good.
  • Reply 4 of 40
    So, if you receive lots of emails with attachments, would this not continue to take up space on your iPhone or touch?



    I'd also like a Restore feature, but am more interested in actually having my Trashed email properly gone.
  • Reply 5 of 40
    eddyk Posts: 7 member
    Deleted mail really disappears when my iPhone goes/is put to sleep. Configuration: iPhone 3G 3.0.1 16 GB
  • Reply 6 of 40
    Quote:
    Originally Posted by AppleInsider




    "As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw," John Herrman writes for Gizmodo.



    How is this a disastrous security flaw? What scenario presents this as a security flaw?
  • Reply 7 of 40
    teckstud Posts: 6,476 member
    Quote:
    Originally Posted by steviet02


    How is this a disastrous security flaw? What scenario presents this as a security flaw?



    It lies beneath.
  • Reply 8 of 40
    anonymouse Posts: 6,860 member
    Quote:
    Originally Posted by AppleInsider


    "As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw," John Herrman writes for Gizmodo.



    I think characterizing this as "a disastrous security flaw" is something of over-the-top hyperbole. There's no demonstrated malware risk associated with this, and it would only seem to be a problem of sensitive, deleted emails being viewable if your iPhone falls into the hands of someone with nefarious intent, which would probably only potentially affect a very small percentage of iPhone users. (OK, well, the "government" could theoretically view this too, and although I'm a very strong privacy advocate, I think this is a case where, unless you are involved in illegal activities, you don't have anything to worry about as a consequence. Although, it's probably worth noting that certain harmless activities might not be legal in some localities, but, still, I think "disastrous" is a bit overstating the case here.)



    For me, at least, the greater concern is that, if all those deleted emails, and attachments, one assumes, are still there on my iPhone, they are eating up my storage space, which I may need for something else. I'd also be concerned if there are other things that are not actually getting deleted, but not viewable through Spotlight: apps, app data, caches, etc.
  • Reply 9 of 40
    chronster Posts: 1,894 member
    Quote:
    Originally Posted by steviet02


    How is this a disastrous security flaw? What scenario presents this as a security flaw?



    I don't see how it would be a security flaw for the iPhone per se, but more for its users. If someone has confidential information in a work email and they thought they deleted everything, then someone steals the phone, that information can easily be accessed. Stuff like login information, delivery dates, blah blah blah.
  • Reply 10 of 40
    virgil-tb2 Posts: 1,416 member
    Quote:
    Originally Posted by digitalclips


    I'd settle for an option to secure delete if required or just delete and the latter with a find in trash and restore option. I assume the wipe when lost function is a secure wipe.



    While they are at it, providing a simple "delete now" that actually deletes instead of just transferring it into a "trash" mailbox would be desirable.



    Saving things in the trash is for sissies that can't make a decision IMO. I empty my trash every single time there is anything in it on the desktop and I'd love to have the option of simply having things delete when I hit the delete key. Especially since Time Machine there is just no reason for a two (or more) stage deletion process.



    You can empty the trash mailbox on the iPhone just like you can empty your trash-can on the desktop but it's a tedious four or five stage process as opposed to the two or three stage one on the Mac. The only automatic deletion feature on the iPhone, set to the shortest possible time period, still keeps everything in your trash for a full day, (which is about 23 hours 55 minutes longer than I want it to be there), and is a security risk in itself.



    If you can't simply delete sensitive information when you want to, and know that it's deleted as opposed to being in some "trash" folder on a server or on your own device, how secure are you in the first place?
  • Reply 11 of 40
    mazda 3s Posts: 1,613 member
    This isn't a bug, it's an unreleased Time Machine option for the iPhone.
  • Reply 12 of 40
    I found a real fix!!!!



    Just go to the settings and disable e-mail in Spotlight search!!
  • Reply 13 of 40
    I couldn't duplicate it on my iPhone 3GS using my SMTP email account.
  • Reply 14 of 40
    icarbon Posts: 196 member
    Personally, I've found that spotlight is even more amazing than people know...



    it finds emails that haven't even been written yet!



    (BTW, I recommend the Broncos for next year... who would have guessed!?!)
  • Reply 15 of 40
    neilm Posts: 987 member
    Err, message from Cluetown: when you delete files from a computer (which is what the iPhone is) they're NEVER really deleted unless some security program is invoked to overwrite them. Instead the file system's pointer to their location is deleted or toggled off. This would be somewhat similar to erasing a chapter listing from a book's table of contents, but leaving the pages themselves in the book. All of us have computer hard drives that are brimming with supposedly deleted files; it's simply that an undelete utility is required to recover them.



    This bug, which hardly rises to a level of much significance, could lie in the iPhone's file system, or might be a Spotlight implementation issue.
  • Reply 16 of 40
    Quote:
    Originally Posted by crisss1205


    I found a real fix!!!!



    Just go to the settings and disable e-mail in Spotlight search!!



    You found a workaround, not a fix. That is a good idea for some, but not for those who use Spotlight to search for e-mail content.
  • Reply 17 of 40
    virgil-tb2 Posts: 1,416 member
    Quote:
    Originally Posted by Voxer18


    I couldn't duplicate it on my iPhone 3GS using my SMTP email account.



    The bug only works for old-fashioned POP email accounts, not sure what an "SMTP" email account would be, but if you are using IMAP like most of the modern world, this isn't even an issue.



    Something that the article above would do well to update with.

    It's been identified as a "spotlight caching issue" on POP email accounts only.
  • Reply 18 of 40
    anonymouse Posts: 6,860 member
    Quote:
    Originally Posted by NeilM


    Err, message from Cluetown: when you delete files from a computer (which is what the iPhone is) they're NEVER really deleted unless some security program is invoked to overwrite them. Instead the file system's pointer to their location is deleted or toggled off. This would be somewhat similar to erasing a chapter listing from a book's table of contents, but leaving the pages themselves in the book. All of us have computer hard drives that are brimming with supposedly deleted files; it's simply that an undelete utility is required to recover them.



    This bug, which hardly rises to a level of much significance, could lie in the iPhone's file system, or might be a Spotlight implementation issue.



    Well, yes, it does depend on the exact nature of the bug (and the file system) how serious a problem this really is. Yes, the data of deleted files are still there on your computer, immediately after you delete them, but, over time, the areas of storage occupied are typically, wholly or partially, overwritten with other data, so that the data can't really be considered persistent. One question in this instance would be: just how persistent are these emails? Will they eventually be "deleted", and under what circumstances?



    If it were a flaw in the file system or Spotlight, one might expect that other apps, like Contacts, would exhibit similar behavior (although, not necessarily). On the other hand, it might be some artifact in Mail left over from development -- i.e., someone forgot to remove or uncomment some code that prevents or performs the actual file system deletion.
  • Reply 19 of 40
    anonymouse Posts: 6,860 member
    Quote:
    Originally Posted by ghostface147


    You found a workaround, not a fix. That is a good idea for some, but not for those who use spotlight to search for e-mail content.



    Well, I'm not even sure it's a workaround since someone in possession of your phone can turn it back on.
  • Reply 20 of 40
    Quote:
    Originally Posted by Virgil-TB2


    The bug only works for old-fashioned POP email accounts, not sure what an "SMTP" email account would be, but if you are using IMAP like most of the modern world, this isn't even an issue.



    Something that the article above would do well to update with.

    It's been identified as a "spotlight caching issue" on POP email accounts only.



    I verified this: on my IMAP (MobileMe) account, email is deleted after sleep; unfortunately not so on my POP accounts.