Apple has released their iOS Security guide for perusal, rather discreetlyThe security guide, the PDF document of which can be accessed here, covers several aspects of the popular OS that include - System Architecture, Encryption and Data Protection, Network Security, Device Access, among others. It rather seems to be the first time that Apple has discussed topics, like the ones mentioned above.
Among other highlighted factors, the report expressed the importance of activating passcodes on their devices. “By setting up a device passcode, the user automatically enables Data Protection. iOS supports four-digit and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides the entropy for encryption keys, which are not stored on the device. This means an attacker in possession of a device can’t get access to data in certain protection classes without the passcode,” the report states. Interestingly, for passcodes, the report added that the iOS interfaces works at discouraging brute-force passcode attacks by increasing the time delays after an invalid passcode has been entered at the Lock screen. "Users can choose to have the device automatically wiped after 10 failed passcode attempts."
The iOS security guide is fairly detailed, giving businesses and iOS developers much-needed insight into the security features inherent within theiOS platform. The idea seems to be to educate third-party developers so that they develop secure apps for iOS users and the entire ecosystem benefits from Apple’s revelations.
Broadly, the iOS security document deals with the following topics:
- System architecture: The secure platform and hardware foundations of iPhone, iPad, and iPod touch.
- Encryption and Data Protection: The architecture and design that protects the user’s data when the device is lost or stolen, or when an unauthorized person attempts to use or modify it.
- Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
- Device access: Methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen.
There’s some interesting revelations from the iOS security guide. For example, the fact that at every stage of an iOS device’s boot process, the different software components involved in booting (kernel, etc.) have to be digitally signed by the relevant hardware components. This makes iOS security one of the best out there.
Researchers have been busy reverse-engineering and second-guessing iOS’ features for several years, and for them most of the features discussed by Apple in the iOS security guide aren’t new.
According to a Kaspersky Lab news website, Charlie Miller, co-author of iOS Hacker’s Handbook, suggested that while there isn’t a lot of new information in the Apple security guide, its publication is still an important event.
To download the PDF document on iOS Security, click here.
No comments:
Post a Comment