Apple's iOS Security White Paper

  • strict warning: Only variables should be passed by reference in /var/sites/e/ on line 61.
  • strict warning: Declaration of views_handler_field_user_name::init() should be compatible with views_handler_field_user::init(&$view, $data) in /var/sites/e/ on line 61.
Your rating: None (2 votes)

Apple has posted a white paper on iOS Security. The document is an overview of device booting, code signing, runtime security, encryption and data protection, keychain, configuration enforcement, and Mobile Device Management.

This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks.

Some fun excerpts:

  • When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted.
  • If one step of this boot process is unable to load or verify the next, boot-up is stopped and the device displays the “Connect to iTunes” screen. This is called recovery mode. If the Boot ROM is not even able to load or verify LLB, it enters DFU (Device Firmware Upgrade) mode. In both cases, the device must be connected to iTunes via USB and restored to factory default settings.
  • To prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Personalization.
  • To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate.
  • At runtime, code signature checks of all executable memory pages are made as they are loaded to ensure that an app has not been modified since it was installed or last updated.
  • All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. This prevents apps from gathering or modifying information stored by other apps.
  • Each app has a unique home directory for its files, which is randomly assigned when the app is installed.
  • The entire OS partition is mounted read-only.
  • System shared library locations are randomized at each device startup.
  • The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing.
  • The UID is unique to each device and is not recorded by Apple or any of its suppliers. The UID allows data to be cryptographically tied to a particular device.
  • The “Erase all content and settings” option in Settings obliterates all the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible.
  • By setting up a device passcode, the user automatically enables Data Protection.
  • Keychain items can only be shared between apps from the same developer.
  • Because iOS achieves a reduced attack surface by limiting listening ports and removing unnecessary network utilities such as telnet, shells, or a web server, it doesn’t need firewall software.
  • Administrators can enforce complex passcode requirements and other policies using MDM or Exchange ActiveSync,

Recent Activity