Apple Gets Philosophical About iOS Security In First Black Hat Appearance


Apple made its first official appearance at the Black Hat security conference in Las Vegas Thursday, with Senior Security Product Manager Window Snyder and other members of Apple's security team watching the historic event unfold from their front row seats.

Hewing closely to the contents of an Apple iOS security document published in May, Dallas De Atley, manager of the platform security team at Apple, outlined key security technologies in iOS, including Secure Boot Chain and System Software Personalization. De Atley also explained how Apple's security philosophy is seen in code signing, sandboxing and data protection features in iOS.

"Security is architected -- you have to build it in from the beginning. You can’t sprinkle it in after when you are done," DeAtley told a packed room of roughly 400 Black Hat attendees.

Apple's Secure Boot Chain uses the boot ROM built into the A5 processor to kick off a series of cryptographically signed components that ultimately lead to the verifying and running of the iOS kernel. A failure in any of these steps stops the boot process and takes the user to the system restore page on iTunes.

[Related: Analysis: Why Apple's Participation At Black Hat Is A Big Deal]

Apple's System Software Personalization technology defends against so-called downgrade attacks, in which a previous version of firmware is exploited at runtime, enabling attackers to gain control over an iOS device.

Here's how it works: When a user installs or upgrades iOS, the device connects to Apple's servers and sends it a list of cryptographic measurements for the components included in the update. If that checks out, Apple adds a unique identifier, known as an ECID, and signs it, personalizing the update to the device and allowing its installation to proceed.

"This gives us flexibility," De Atley said. It means if we discover a flaw in the boot loader or kernel, we can effectively disable those flaws and not affect the entire user population."

About 80 percent of Apple customers are running the latest version of iOS, and this high rate is due to Apple's simplification of its update process, De Atley said. "We wanted to make it as easy as possible for customers to take advantage of the software updates that Apple puts out for fixes and security issues," he said.

NEXT: Code Signing And Other iOS Security Features