Saturday, January 28, 2012

Gmail App Security Issues on iPhone/iPad/iPod

Here is a quick note on the behavior of the Gmail application on iOS (iPhone/iPod/iPad). We focus on an up-to-date iOS 5.0.1 with the latest Gmail App (1.1.0) taken from the Apple Store at the time of this writing. Google will probably patch these security issues in less time than it takes you to read these humble thoughts.

Some believe it might be more secure to read emails through supposedly lightweight applications on i-devices, since the emails probably stay mostly on the remote web resources, etc.

Through the eyes of an attacker, let's see how a stolen/lost/pwned iPhone/iPad could, for example, help reveal the content of your emails, contacts, etc.

Moreover, important authentication schemes do not follow Apple's security guidelines for developers. This might help an attacker retrieve interesting cookies in clear text, making it possible to hijack a Gmail session and steal sensitive information, as you'll see further on.

A fresh new vulnerability? Let's read on...