No malware has affected iOS devices at scale
- Decade-long effort to protect customers from security problems
- Incredible scale - over a billion iOS devices
- Every single iOS security feature is designed to protect against real threats
Traditional security vs. iOS Platform Security
- Physical security
- Secure configuration
- Installing latest patches
- Password policy
- Vetted apps
- Mandated policies
- Security built in from silicon up
- Secure default settings
- Walled-garden app store
- Secure Boot
- Data Protection
- Code Signing
- Touch ID
Trust built from silicon up
Secure Boot - Apple public key is burned into Boot ROM at the factory and can't be changed afterwards. That key is used to validate each step of the boot process.
Trusting Secure Boot:
- Keys are securely provisioned and managed by Apple
- Software updates are authorized individually for each device.
Protecting data at rest
User data is encrypted at rest with keys derived from the user's passcode and wrapped using the keys in the Secure Enclave.
SEP refuses to unlock after more than 10 incorrect passcode attempts
'Erase Data' only controls erasure, not unlocking.
Isolating data between applications
The user is asked to consent to certain actions.
Attacker's first step - code execution
iOS code signing covers not just the OS, but every iOS app which runs on the device
- Average user unlocks their iOS device 80 times a day
- Entering a passcode adds friction to this process, so a lot of folks didn't set a passcode.
- Touch ID was designed to solve this by making it easier to unlock quickly using a fingerprint sensor.
To secure this, the fingerprint sensor was connected to the Secure Enclave via a secure link. The fingerprint information is then encrypted in the Secure Enclave.
Users upgrading their software
The latest version of iOS is always the most secure version of iOS.
To assist with this software update process:
- Apple has shrunk the size of iOS updates wherever possible.
- The update process gives the user the option to update now, or late at night when the user is presumably asleep.
Developers building secure apps
Follow best practices:
App Transport Security
- Required by App Store at the end of 2016
- Use TLSv1.2, with exceptions for already-encrypted bulk data like media streaming
Know your code:
- The developer is responsible for third-party code included in their app.
- Libraries you use may undermine app security
- Keep third-party code current in your app!
How does Apple know how effective its iOS security is?
- No iOS malware at scale
- Jailbreak solutions usually need to chain together 5 - 10 vulnerabilities in order to jailbreak iOS.
- Black market cost of an untethered iOS jailbreak - recently cited as costing $1 million.
Security is a process, not a destination