LAS VEGAS–An odd thing happened at Black Hat on Thursday: an Apple security official gave a talk. Seats began filling early, 20 minutes before the talk began, and expectations were high, with many people wondering how much the speaker would reveal about the inner workings of iOS security. And then the talk began and it was fairly clear that the answer to that question was, not much.
The talk by Dallas De Atley of Apple’s platform security team was full of technical details on the myriad security features and defensive technologies in iOS, but most of it was review of the content that was in the white paper on iOS security that the company released earlier this year. Speaking to a packed ballroom, De Atley walked through the security capabilities of iOS, from the lowest level functions of the boot loader and kernel all the way up through the code signing requirements and app permissions.
Apple’s security philosophy, he said, is that security needs to be an integral part of a device or software design from the earliest stages of development.
“Our attitude is that security is architecture. You have to build it in from the very beginning. It’s not something you can sprinkle over the code at the end,” De Atley said.
If that sounds a lot like some of the statements you’ve heard from Microsoft security officials in the last few years, that’s not a coincidence. The philosophy is the same, as is the goal: make life for attackers as difficult as possible. For Apple, this means not only protecting the iOS operating system itself, but also ensuring that all of the apps on the phone behave correctly and that users data is safeguarded as well.
“The phone has all of your personal data and these devices know an awful lot about how we live our lives and become a critical part of how we interact with other people,” he said.
That fact drove a lot of the security features that Apple built into iOS. The iPhone has a secure boot process that handles the way that all of the components are loaded before the kernel starts. It also has a firmware personalization feature that customies the low-level software to each specific device, which enables Apple to selectively disable newly discovered flaws in the kernel for portions of the user population without affecting everyone.
Apple updates iOS on a regular basis, pushing out new versions to users several times a year. But users have to install the updates manually, which can lead to some users running older, vulnerable versions of the software for some time. However, De Atley said that right now, 80 percent of the iPhone user base is running the most recent version of iOS. That means most iPhone users have all of the exploit mitigations, security patches and other updates Apple has released, a nice situation for any vendor.
In addition to the hardware and low-level software protections, De Atley said that a major part of the iOS security model is the way that the devices handle apps. All apps must be signed by the developer, each of whom is issued a code-signing certificate. And third-party apps–those not developed by Apple itself–are given a special set of restrictions.
“All third-party apps live in a container, and it’s randomly assigned at installtion time, so apps aren’t hard-coding where they live on the device,” he said. “The container is sandboxed and that’s enforced by the kernel.”
Before the release of the iOS white paper, Apple officials had not spoken much publicly about the security of the system. Most of what was known about it was discovered through research by outsiders. De Atley’s talk, while not groundbreaking, could be a positive sign of what’s to come in future security communications from the company.
