Apple Gets Philosophical About iOS Security In First Black Hat Appearance
6:05 PM EST Thu. Jul. 26, 2012
Apple made its first official appearance at the Black Hat security conference in Las Vegas Thursday, with Senior Security Product Manager Window Snyder and other members of Apple's security team watching the historic event unfold from their front row seats.
Hewing closely to the contents of an Apple iOS security document published in May, Dallas De Atley, manager of the platform security team at Apple, outlined key security technologies in iOS, including Secure Boot Chain and System Software Personalization. De Atley also explained how Apple's security philosophy is seen in code signing, sandboxing and data protection features in iOS.
"Security is architected -- you have to build it in from the beginning. You can’t sprinkle it in after when you are done," De Atley told a packed room of roughly 400 Black Hat attendees.
Apple's Secure Boot Chain uses the boot ROM built into the A5 processor to kick off a series of cryptographically signed components that ultimately lead to the verifying and running of the iOS kernel. A failure in any of these steps stops the boot process and takes the user to the system restore page on iTunes.
Apple's System Software Personalization technology defends against so-called downgrade attacks, in which a previous version of firmware is exploited at runtime, enabling attackers to gain control over an iOS device.
Here's how it works: When a user installs or upgrades iOS, the device connects to Apple's servers and sends them a list of cryptographic measurements for the components included in the update. If that checks out, Apple adds a unique identifier, known as an ECID, and signs it, personalizing the update to the device and allowing its installation to proceed.
"This gives us flexibility," De Atley said. "It means if we discover a flaw in the boot loader or kernel, we can effectively disable those flaws and not affect the entire user population."
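The personalization exchange described above, sketched as an added example; it is not Apple's code or wire format. Assumptions: HMAC stands in for Apple's signature, the ECID reaches the server with the request, and the build contents, ECID values and function names are constructed for illustration.

```python
import hashlib, hmac, json

# Assumption: HMAC stands in for Apple's asymmetric signature so the sketch
# runs on the standard library; a real device holds only a verification key.
SIGNING_KEY = b"constructed-demo-key"

def measure(component: bytes) -> str:
    """Cryptographic measurement of one firmware component."""
    return hashlib.sha256(component).hexdigest()

def measurements(build: dict) -> dict:
    return {name: measure(blob) for name, blob in build.items()}

# Constructed firmware images; the server has stopped signing OLD_BUILD.
OLD_BUILD = {"bootloader": b"bootloader-old", "kernel": b"kernel-old"}
NEW_BUILD = {"bootloader": b"bootloader-new", "kernel": b"kernel-new"}
CURRENTLY_SIGNED = [measurements(NEW_BUILD)]

def _sign(meas: dict, ecid: int) -> str:
    blob = json.dumps({"m": meas, "ecid": ecid}, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, blob, hashlib.sha256).hexdigest()

def server_personalize(meas: dict, ecid: int):
    """Server side: refuse builds no longer authorized, else bind to the ECID."""
    if meas not in CURRENTLY_SIGNED:
        return None
    return {"measurements": meas, "ecid": ecid, "sig": _sign(meas, ecid)}

def device_accepts(ticket, build: dict, device_ecid: int) -> bool:
    """Device side: check signature, ECID binding, then the measurements."""
    if ticket is None:
        return False
    expected = _sign(ticket["measurements"], ticket["ecid"])
    if not hmac.compare_digest(expected, ticket["sig"]):
        return False
    if ticket["ecid"] != device_ecid:
        return False
    return ticket["measurements"] == measurements(build)

if __name__ == "__main__":
    ECID_A, ECID_B = 0x1111, 0x2222  # constructed device identifiers
    ticket = server_personalize(measurements(NEW_BUILD), ECID_A)
    print("current build on device A:", device_accepts(ticket, NEW_BUILD, ECID_A))
    print("same ticket on device B:  ", device_accepts(ticket, NEW_BUILD, ECID_B))
    downgrade = server_personalize(measurements(OLD_BUILD), ECID_A)
    print("downgrade request signed: ", downgrade is not None)
```

Removing a build from `CURRENTLY_SIGNED` is the server-side switch that stops new installs of a flawed boot loader or kernel without touching devices already running a current build.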
About 80 percent of Apple customers are running the latest version of iOS, and this high rate is due to Apple's simplification of its update process, De Atley said. "We wanted to make it as easy as possible for customers to take advantage of the software updates that Apple puts out for fixes and security issues," he said.
Apple's code signing applies to all iOS apps, including Mail, Safari and third-party apps on its App Store. This, De Atley said, lets Apple ensure that all software running on the device is coming from a known location.
"This fundamentally represents the first line of defense against malware on the device. It means we can sidestep an entire class of malware," he said.
With sandboxing, the goal is to physically separate processes from one another so a vulnerability in one portion of the system can't wreak havoc on the entire OS. In the iOS world, all third-party apps live in their own secure container, which is itself assigned a random location at the time of each install, De Atley said.
"This means apps are not hard coded where they live on the device," he said. "It's building a layer of abstraction between user data and other apps on the system."
With so much personal and sensitive corporate data residing on iOS devices, Apple has spent a great deal of time figuring out ways to protect that data, De Atley said. NAND flash makes it difficult to delete data, so Apple developed a technology called "effaceable storage" that reliably erases data, allowing for local and remote wiping of data, he said.
"These devices know an awful lot about how we live our lives," he said.
De Atley did not take Q&A after his presentation, and he and the rest of the Apple security team slipped hastily out a side door as Black Hat attendees approached the stage afterwards.
Apple certainly broke ground by presenting at Black Hat this year, but whether it will continue to engage and work closely with security researchers remains to be seen.