by Samuel_Michon 4798 days ago
“if anyone else can get hold of your phone, he can access to files of those apps where data is not protected.”

As always, if someone has physical access and unlimited time, no device or computer is safe.

Also, Mailbox.app only supports Gmail. Security-minded people are obviously not the target market.

4 comments

If you get physical access you can also read all the mails in Apple's Mail.app, or any other app on the device. Maybe not using a tool, but you can easily read them in the app, forward them, and send fake e-mails using the account of the user.

(edited to make my point more clear :)

Not if the device is locked. The author talks about this in the post - a properly secured file is only decrypted when the device is unlocked (in which case the mail is readable by anyone with fingers, no need for fancy USB cables).

When the device is locked the file is encrypted and cannot be easily retrieved with a USB cable and a file explorer. An app that does not properly secure its files is readable even when the device is locked.

That's not entirely correct. If the app uses the correct APIs to inform the system that particular files need more protection, then those files receive more protection. The details are available to a free dev account on Apple's developer site. As long as the device remains locked, such files remain encrypted.

Whether users pick appropriate passwords is another matter entirely.

Or, you could just... open up Mail.app? and read the emails without a tool haha.
Yes, that's my point.
Are you sure about that? I would think that Mail.app used appropriate file protection settings, in which case the file contents are encrypted with a key derived from the user's PIN/passcode.
Well, that's a non-issue: a locked iPhone will secure Mail.app's data; it won't secure Mailbox because Mailbox hasn't told the phone to.
@Samuel_Michon I take issue with the crap you are spreading.

> if someone has physical access and unlimited time

There is no such thing as unlimited resources.

If I had unlimited time I could crack every encrypted message on the planet.

Using DPAPI turns a 30 second hack into an online cracking job. The crypto processor in the iPhone can only check one password every ~80ms and you need the chip with you. An attacker cannot do an offline attack.

Does that mean that basic security should not be in a company's mind, especially when it comes to the kind of data emails can contain? Mailbox is BIG. We are not talking of an average app here!
Email is not secure. Email has never been secure. Nothing you send over email is secure. There's little authentication and no signing.

All this stuff can be kludged onto email, but the attitude should be "unless I've taken measures to add security this thing is not secure".

Sure, but that's also like saying "car accidents are inevitable, so let's not put on our seat belts".

A basic bit of security, especially one that doesn't put any more load on the user (to have to maintain or set up) is a pretty big no-brainer. Raising the bar for a successful hack is also worth doing when the cost is a single line of code and no effort on the user's part.

If we're using an analogy, it's more like telling bicycle riders to use anti-puncture tape. Sure, it'll reduce the chance of getting a puncture but does nothing when they go under a truck.

What's on offer here? 10 minutes extra tamper resistance? For a protocol which is inherently insecure?

What's on offer here is the ability to exclude a large class of attackers entirely - script kiddies with a commonly available file explorer tool.

Sure, if you're the CEO of some big company and a skilled attacker really wants at your email, this is only a stopgap - but this is also sufficient to stop less proficient attackers entirely. For most people this is all they need.

> "it's more like telling bicycle riders to use anti-puncture tape."

If anti-puncture tape has literally no downsides whatsoever to the bicycle rider's experience, and costs nothing, then yes. Why wouldn't you have it?

Actually a small class of attackers - script kiddies with a commonly available file explorer tool and physical access to your phone.
Email may not be generally secure but it is still easier to plug a phone into a computer than to access someone's email account without knowing their credentials. 10 minutes could be the difference between someone copying your emails from your lost iPhone and said person being unable to copy anything because you remote wiped your phone.
“Does that mean that basic security should not be in a company's mind”

I wasn’t suggesting it shouldn’t be. My point is that the article’s headline is overly dramatic: Mailbox.app is not a complete security failure because of one hack that requires physical access. Given that Mailbox only supports Gmail, I’d be more worried to put my email in Google’s hands than worrying over someone grabbing my phone out of mine.

“Mailbox is BIG. We are not talking of an average app here!”

Mailbox.app is a free app that has been downloaded a couple of million times, I wouldn’t call it “BIG” yet. It’s very new, it’s still on version 1, so it’s not expected to be perfect.

> Mailbox.app is not a complete security failure because of one hack that requires physical access

The problem is that we take mobile devices with us every place we go. So physical access is not difficult to obtain.

This really is a big deal primarily because the developers of Mailbox.app did not take steps to even obfuscate the stored data...which would deter all but the most determined of attackers.

You are confusing access to the computer itself with access to the data it contains.

Given physical access and "unlimited" time (i.e. no more than a million human lifetimes, say), then certainly an attacker can gain access to the device and make it do what he wants.

However, if the data on the device is securely encrypted, then physical access and (reasonable) time don't matter. He won't be able to get at the data.
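
The file-protection API the thread refers to ("the correct APIs", "a single line of code"), shown as an added example that is not from any commenter or from Mailbox. It is a Swift sketch for iOS; the function names and the `cache.db` file name are assumptions made for illustration.

```swift
import Foundation

// Hypothetical helper: write sensitive data so that it is encrypted
// whenever the device is locked.
func writeProtected(_ data: Data, to url: URL) throws {
    // .completeFileProtection requests the "Complete" protection class:
    // the file's key is only usable while the device is unlocked.
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

// Hypothetical audit: return every regular file under `root` whose
// protection class is weaker than Complete (or cannot be determined).
func weaklyProtectedFiles(under root: URL) -> [(path: String, protection: String)] {
    var findings: [(path: String, protection: String)] = []
    let fm = FileManager.default
    guard let walker = fm.enumerator(at: root,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return findings
    }
    for case let url as URL in walker {
        let isFile = (try? url.resourceValues(forKeys: [.isRegularFileKey]))?.isRegularFile
        guard isFile == true else { continue }
        let attrs = try? fm.attributesOfItem(atPath: url.path)
        let cls = attrs?[.protectionKey] as? FileProtectionType
        if cls != .complete {
            findings.append((path: url.path, protection: cls?.rawValue ?? "unknown"))
        }
    }
    return findings
}

// Hypothetical entry point, e.g. called from a debug build at launch.
func auditAppSupportDirectory() throws {
    let fm = FileManager.default
    let dir = fm.urls(for: .applicationSupportDirectory, in: .userDomainMask)[0]
    try fm.createDirectory(at: dir, withIntermediateDirectories: true)

    // Constructed sample payload standing in for a cached message store.
    let sample = Data("constructed sample message".utf8)
    try writeProtected(sample, to: dir.appendingPathComponent("cache.db"))

    for finding in weaklyProtectedFiles(under: dir) {
        print("weak protection (\(finding.protection)): \(finding.path)")
    }
}
```

The protection class only has effect on a device with a passcode set. A file in the Complete class cannot be read while the device is locked, so an app that works in the background may need a weaker class for the files it touches then.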