Apple has invested a lot of effort, Technology as well time to established a stronghold among its users on encrypted and secured mails. And if you are one of those users who trust on Apple’s encrypt and secure the ability of emails sent by Apple that you must know this piece of information that there might be a possibility that those emails aren’t as encrypted and secured as you believe!
Yup, you read it exactly right! According to Bob Gendler, who spotted this fault in the emails sent through Apple device said that if the emails are sent through Apple mails, there are parts of the text that are visible. This is because Siri uses a database file name as ‘Snippets.db’ to suggest information to the users. And hence some of the information is saved in the database files of MacOS and other apps which are then used by Siri to suggest enhanced and better content to the users.
Although the entire text is not saved still, some parts are saved, which might pose a threat to the users. For hackers might use this vulnerability of Apple mails for phishing acts and scams.
However, if you use FileVault whole drive encryption, then this alarm is not for you. And if the third party is a trustable one, then it’s not much of an issue even if you turn FileVault whole drive encryption off.
Bob Gendler, an Apple-focused IT specialist, said in an interview, “Let me say that again… The snippets.db database is storing encrypted Apple Mail messages…completely, totally, fully — UNENCRYPTED — readable, even with Siri disabled, without requiring the private key. Most would assume that disabling Siri would stop macOS from collecting information on the user. This is a big deal. This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.”
He also added that he bought up this issue in the notice of the Apple authority dated back on July 29, 2019. And the Company replied to him on November 5, 2019, with a solution and assurance that it will be resolving this issue in the upcoming update.
Gendler’s question on the part that, “It brings up the question of what else is tracked and potentially improperly stored without you realizing it.” is absolute on the mark.
For if hackers were to break into your system and have already been searching for some sensitive information, this vulnerability might play a huge part in their achievement and acquisition of personal as well as sensitive information.
And it also seems there’s still room for some improvement on Apple’s part for responding to the queries and grievance of the customers and staff. As it appears from Gendler’s statement that Apple sure took it’s sweet on such a dire issue for even though the probability of getting hacked might just that of a hairline. But no one can predict the future or can expect any mishap.