Update: The developer that originally posted about this story on HackerNews has since admitted that his hypothesis was wrong, and it’s unfair to place blame on Mailbox
The iOS Mailbox app is definitely a great way to organize your emails. It has a very user-friendly user interface, making it very easy to use. But a recent news revealed that its lack of security features provides thieves or hackers easy access to your emails too.
A hacker just discovered an iOS Mailbox flaw that could potentially expose the sensitive contents of your emails. The vulnerability was discovered recently by Subhransu Behera or Subh. His find was also posted on his personal blog titled, “Mailbox iOS App is a Security Fail”.
According to Subh, he is a big fan of iOS apps. He says that the apps motivate him to develop better codes. However, he always questioned the security features of the Mailbox iOS app due to its lack of data protection. So, he tried to verify the weakness of the app by using the iExplorer tool.
The iExplorer tool is primarily used to transfer songs, videos and other files between iOS devices. But Subh found out that the tool could explore the contents of the Document and Libraries of the iOS Mailbox as well.
The mentioned places are where iOS developers usually store sensitive system information he said. So, if your device gets stolen, all the thief needs is the iExplorer tool and the person will immediately gain access to a bunch of your personal and even financial information. Your device does not even have to be jailbroken for the process to take place.
The tool is capable of opening the attachments of your email stated the programmer. Just by opening the “Attachments” folder using the tool, all your source codes for apps up to bank statements, transaction details and other personal information can be easily acquired by the person holding your iOS device. What’s more, using an additional SQlite tool will give the thief an access to sqlite folders that contain your actual email conversations, contacts and more.
The discovery is quite scary. Well, losing your phone due to theft or some other instances can be quite frustrating. But when it comes with exposing every single bit of information about you is definitely very alarming. With it, you could potentially lose more money or you could become a target of blackmails. The worst probably is it might even pave the way for identity theft.
Subh recommends the iOS Mailbox developers to come up with an enhanced security feature to solve this predicament. He said that more security can be achieved in just a matter of adding extra lines in their programming codes anyway.
In addition, there is already the iOS SDK that offers ways for developers to secure their data. He commented that it is quite surprising for a popular app like the Mailbox not to utilize it to their advantage.
The hacker cleared out that you are only prone to this exploit if you use your email as storage of secure information. If you regularly clean up your email or you do not use it as a venue of exchanging sensitive information, this won’t be a big problem.