Apple iOS information leakage
Posted by Warith Al Maawali on Dec 27, 2019 in Blog | Comments Off on Apple iOS Mail Client leaking highly sensitive information
Imagine that all it takes to launch an attack on you, is someone asking you to send/reply an email to him. Yes, that is how simple it is after finding out that Apple iOS mail client is leaking very sensitive information. The story began when I received an email and I decided to check for any information leakage via email headers.
I went over my email client and clicked on “show original” as shown below:
What I found was unexpected, both sender’s Internet (this is normal based on SMTP protocol) and local IP addresses (leaked) were sent via email headers as you can see below:
- Number 1: is the local IP address which is behind the router.
- Number 2: is the external Internet IP address (this is normal based on SMTP protocol).
Now you might think that’s the only information which is leaked and the answer is NO. In fact, there are more sensitive informaton as shown below:
- Number 1: is the iOS version and to confirm that, all you have to do is Google the string “16G140” and you will get the following result:
From the above results you can identify the iPhone model which is iPhone 6 based on the current scenario.
- Number 2: is a unique random string which can be a unique ID related to the email itself or to the iPhone device. However, this unique string is not leaked on iOS 13.3.
To take it further, Google “iphone ios 12.4.4 vulnerabilities” and you will get the following results:
By checking out Apple’s security release note we can find the following information:
Now all you have to do is to find and learn how the face-time exploit works and convince the victim to have a face-time call with you 🙂
Are we done? Not yet. The iOS mail client can leak your VPN’s external and internal IP addresses! I performed another test with my colleague Jafer Al Zidjali to confirm this and the results are shown below:
You might think that you are not vulnerable to this information leakage because you have the latest iOS version 13.3. I have tested this on the latest iOS version and the information leakage still exists. This shows that there is no point of using privacy aware email services such as Protonmail or Tutanota ..etc because at the end of the day, the iOS mail client will leak your privacy related information!
I have contacted Apple regarding this issue and I hope that they will release a patch soon but until then make sure you don’t use the iOS mail client unless you want to expose your external and internal IP addresses with your iOS version and device brand.
Note: Before posting or contacting Apple, I have verified on my latest iOS version that iPhone still does not give you the option to control what is sent over the email headers on mail or privacy settings ( screenshots: 1 – 2 – 3 ).
After contacting Apple (26 DEC 2019) I got further disappointed they asked me not to share this information! while they never came back to me to indicate they have fixed it here are my attempts to get them to fix this ( screenshots: 1 – 2 – 3 – 4 – 5 – 6 – 7 ).
Copyright protected by Digiprove © 2019-2022 Eagle Eye Digital Solutions
Latest posts by Warith Al Maawali (see all)
- Apple iOS Mail Client leaking highly sensitive information - December 27, 2019
- Validating VPN nodes - November 3, 2019
- Migrating from php 5.6 to 7.3 - November 1, 2019
- Linux Kodachi 8.27 The Secure OS - October 20, 2013
- Migrating from Vbulletin to Burning board - March 27, 2016