An Inside Look at Apple’s iOS Security

iOS security is becoming a huge topic, and for good reason. Today, there are all kinds of accusations and proven methods of security breaches, whether by a professional hacker, by someone who accidentally allowed a device to be bugged, or through spying by the government.

Apple’s iOS Security Whitepaper

With discussions heating up, Apple updated its whitepaper on iOS security at the beginning of 2014. The whitepaper addresses both the processes and the technologies implemented to keep its mobile platform secure. Among the new information listed, there are certain things that everyone should know:

  • End-to-End Encryption – Last year, Apple announced that end-to-end encryption is used to protect iMessage data. The service relies on public-key cryptography, a technology that uses two extremely long numbers based on secure and random data; one is used to decrypt information that has been encrypted with the other. Once messaging has been activated on a device, iOS generates a pair of keys, with one, known as the public key, going to Apple and the other securely locked away in local memory storage.
  • Lightning Cables – Lightning cables contain authentication chips, which bolster device safety: iOS uses them to verify that an authorized manufacturer produced the cable. This authentication process extends beyond cables to virtually any authorized accessory that communicates with iOS, including connections through Wi-Fi and Bluetooth.
  • Siri – Apple has also implemented security measures for its digital assistant, Siri. A lot of the work performed by Siri occurs on Apple servers, as opposed to an individual device, which makes it possible for complex functionality to be offloaded. Updates outside of the conventional iOS release cycle are also performed. In order for Siri to work, very specific information must be sent to Apple, including a full voice recording transmitted with name and close geographical location. However, for privacy protection, the “progressive disclosure” mechanism restricts the amount of information that reaches Apple’s servers.
  • CPU – Every iPhone 5s contains a CPU known as the A7. This CPU is loaded with technology, one piece in particular being the “secure enclave.” This special type of co-processor provides iOS with an area of memory for added security. During manufacturing, the enclave is given a unique digital identifier, something not even Apple knows. Because of this, the only way the CPU could be hacked is if a criminal with in-depth knowledge and experience stole the device.
  • Keychain Sync – Another incredible feature for optimal iOS security is keychain sync, which is designed to withstand just about any attack. With this, even if the iCloud password is reset, the iCloud system is compromised, or the device is hacked, keys can be recovered and the device synced securely using highly advanced elliptic-curve algorithms with encryption and a complicated network of asymmetric digital keys.
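
The key handling described in the End-to-End Encryption item above can be modeled in a few lines. This is an added example, not code from Apple or from the whitepaper: the names KeyDirectory, Device and encryptFor are hypothetical, and the choice of RSA-OAEP to wrap a per-message AES-256-GCM key is an assumption made for illustration, not a description of iMessage’s actual algorithms.

```javascript
// Added illustration: simplified model of the key handling described above.
// Not Apple's protocol; every name and algorithm choice here is an assumption.
const crypto = require('crypto');

// Stands in for the service's key directory: it only ever stores public keys.
class KeyDirectory {
  constructor() { this.publicKeys = new Map(); }
  register(userId, publicKeyPem) { this.publicKeys.set(userId, publicKeyPem); }
  lookup(userId) {
    const pem = this.publicKeys.get(userId);
    if (!pem) throw new Error(`no public key registered for ${userId}`);
    return pem;
  }
}

// A device generates its key pair on activation and keeps the private half local.
class Device {
  #privateKey; // private field: never exported or sent to the directory
  constructor(userId, directory) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.#privateKey = privateKey;
    this.userId = userId;
    directory.register(userId, publicKey.export({ type: 'spki', format: 'pem' }));
  }
  decrypt(envelope) {
    // Unwrap the per-message AES key with the private key, then open the message.
    const aesKey = crypto.privateDecrypt(
      { key: this.#privateKey, oaepHash: 'sha256' }, envelope.wrappedKey);
    const d = crypto.createDecipheriv('aes-256-gcm', aesKey, envelope.iv);
    d.setAuthTag(envelope.tag);
    return Buffer.concat([d.update(envelope.ciphertext), d.final()]).toString('utf8');
  }
}

// Sender side: encrypt under a fresh AES key, then wrap that key for the recipient.
function encryptFor(recipientId, plaintext, directory) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: directory.lookup(recipientId), oaepHash: 'sha256' }, aesKey);
  return { recipientId, wrappedKey, iv, ciphertext, tag: c.getAuthTag() };
}
```

The envelope returned by encryptFor is everything a relay would see in this model; only the Device holding the matching private key can turn it back into text.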

Ongoing Risks

The iOS platform was built around security and, as such, boasts digital key exchanges, hardware protection, software sandboxing, and complex mechanisms of encryption. Although it is obvious that Apple remains 100 percent committed to both the privacy and security of its customers, and virtually everything that runs through iCloud and Siri has end-to-end encryption, malicious tweaks are always possible.