Add caption
 |
 |
| Add caption |
CUPERTINO — In a press briefing Friday, Apple discussed how security works on the iPhone and iOS. The meeting, which was often technical, shed insights into its broader approach to security.
Although the meeting wasn’t specifically about the battles the company has had with the FBI and parts of the U.S. government – including cases in San Bernardino and Brooklyn – that conflict was still the elephant in the room.
Still, Apple insists its goal with iOS and iPhone security is not about protecting users from the government, it's about protecting users from hackers.
SEE ALSO: A timeline of Apple's fight with the FBI
Senior Apple engineers said that although the security has been a big part of how the company approaches its design for the last two decades, it’s become even more important in the last decade because of the iPhone.
The iPhone, more than any other product, is a place where customers place their most important and private information. Everything from identity information to health information is stored on the device and Apple engineers say that the company feels its imperative to protect that information from hackers trying to break in.
At the meeting, senior Apple engineers, who declined to offer individual comment, discussed the company's approach to security.
Building security from the ground up
The fact that hackers are the real threat vector, not the government, was a theme in the briefing.
Describing security as a process and not a destination, senior Apple engineers were quick to assert that there is no such thing as 100% security, but that the company is focused on building its system from the ground up to be as secure as possible.
The engineers also stressed that security is dynamic, not static. And because the situation is always changing, security can never be seen as complete.
For Apple, it feels that one of its core advantages is that it controls the whole stack of hardware and software. Moreover, Apple has designed security into its products from the silicon up.
Calling Apple “the most effective security organization in the world,” senior Apple engineers repeatedly emphasized that the entire Apple ecosystem was designed with security in mind.
Because Apple designs its own chips and its own operating system, it is in a unique position in the industry when it comes to hardware/software integration.
A significant portion of the briefing was spent on how the secure boot process for the iPhone works. These details are also outlined in the iOS Security White Paper.
This is how that document describes the boot process for an iPhone:
Image: Apple
In other words, hardware embedded into the chip on the phone checks the software before it boots to make sure it is secure and actually signed by Apple. This is done as a way to prevent hackers from taking over the device and putting another rogue version of an operating system on a device.
iOS devices with an A7 or later processor (so the iPhone 5S and newer), also have a Secure Enclave processor (SEP) which is also has its own secure boot process.
Again, Apple stresses that bugs are always possible – there is no such thing as 100% security – but the senior engineers pointed out that separating the components of boot process limits those bugs.
Consider that iOS has millions of lines of code. Chances are, bugs can exist in that software. But at the lowest levels – where the Boot ROM and Low-Level Bootloader live, it’s more like a couple of thousand lines of code. Source from https://www.yahoo.com