For nearly half a decade, teams of hackers and programmers have worked tirelessly to crack Apple’s iOS software code in order to inject new features, themes, and applications. Now, a team led by noted former jailbreak developers Will Strafach, otherwise known as “Chronic”, and Joshua Hill, known as P0sixninja, is working to secure Apple’s mobile platform. The duo, along with a list of unnamed former jailbreak developers, has been working on a new comprehensive platform to secure iOS devices for both enterprises and consumers. Strafach provided us with a preview of the platform known as “Apollo,” the first security product from his new company Sudo Security Group.
In a phone interview, Strafach started out by answering the likely first question of those who may be interested in such an application: why should jailbreak developers be trusted with securing devices? As Strafach explained, he and his team likely know more about the inner-workings of iOS and other mobile platforms than any other group of developers, save for those at Apple, because of their experience in tinkering with the operating system’s core.
“We know the iOS system inside and out due to the years we’ve spent buried in disassembly tools seeing how things work. We know what weak spots to keep a close eye on, we know what bits are bloated and may be vulnerable in ways which have not yet been considered,” Strafach said, adding that his team has now “taken on the equally important task of figuring out how to make things better” instead of just figuring “out how to make things break.”
The Apollo security platform, as Strafach explained, can be broken down into two parts: the enterprise path and the consumer application. Let’s start with the enterprise software. Many large corporations use Mobile Device Management software, known as an “MDM” service, to manage large numbers of iPhones or iPads used by their employees. For instance, Apple offers its own native tool, while major software developer VMware has its own solution called AirWatch.
The Apollo suite moves to differentiate itself by focusing on security: at a high level, the application uses a backend service known as “Guardian” that scans applications installed on a user’s iPhone to check whether they include code that can steal user data, inject malware, attempt background installations, conduct email-based phishing, or weaken the file system’s security. Specifically, Strafach shared the following list of application security checks that Apollo can perform for employees who bring their own devices to the enterprise:
- Leakage of sensitive data (Intentionally, or due to insecure connections)
- Communications with servers in a non-allowed/sanctioned region(s)
- Utilization of private and/or privacy-invading APIs
- Binary download attempts from unsafe sources
- Suspicious application behaviors which may require a second-look
The service also has a long list of stronger security features for devices issued to employees, rather than brought by employees into the enterprise:
- Strict application whitelisting and blacklisting abilities
- Lock down devices as much or as little as needed, configurable based on user group or even individual users
- Disable system applications such as App Store, Messages, and more.
- Disable system features such as screenshots, data sync, and more.
- Web content filtering, both liberal and strong options available
- Heavy monitoring for network I/O activity to watch out for threats
- Activation Lock Assistant – Never get locked out of a company-owned device by a personal Apple ID again!
- Special case malware monitoring – Assure dangerous skimming malware does not find its way to your point-of-sale iPad or iPhone.
- Block removal of our MDM and protection software from the device – Even if a hard reset / restore (“DFU Restore”) is performed!
- Perform a full system data wipe at any time
- Prevent company-owned devices which were lost or stolen from ever being used again
Richard Lutkus, an eDiscovery attorney and partner at Seyfarth Shaw LLP who is advising Sudo Security Group, told us that the software is ideal for companies wanting 100% control over their own corporate data on untrusted endpoints, especially combined with Sudo’s application security monitoring software that ensures the device stays malware-free and compliant. This is relevant as some companies now ask employees to bring their own hardware. However, Lutkus made it clear to us that the software balances user privacy by sheltering personal data from the manager of the Apollo system.
- Perfect isolation of personal data and sensitive Work Data.
- Wipe any Work-related contents from the device, while not touching any personal data.
- Maintain full control over anything Work-related on all BYOD devices, while allowing users to still maintain full control over their personal applications and data with no compromises needed.
Beyond identifying and preventing potential attacks, Apollo has a remediation system integrated for fixing breaches:
- Shape policies to encourage self-remediation by end users to streamline processes and reduce IT workload
- Create powerful workflows to fit different levels of security problems
- Send a message to the device owner to inform them of any detected security violation.
- Send a message to the device owner’s manager or the IT department to inform them of detected security violations.
- Automatically generate IT helpdesk tickets for more serious violations
- Remove non-compliant applications from work devices.
- Prevent access to Work Apps until security problems are fixed.
- Prevent access to Work Email until security problems are fixed.
- Prevent access to Work VPN until security problems are fixed.
- Prevent connection to Work WiFi network until security problems are fixed.
- Prevent use of Single-Sign On until security problems are fixed.
- Prevent ability to open Work Documents and Data until security problems are fixed.
- Require system Re-scan in Security Center Agent after problems are fixed to ensure that system integrity is intact and no threats are present.
Besides all the deeply technical details and features, perhaps the most intriguing capability for the enterprise suite is its Touch ID integration as a “dead man’s switch.” This system shows the user a pop-up at a configurable interval (every 5 days in the above example) asking them to authenticate with their fingerprint. It is designed to ensure that the device is still being used by its owner, an interesting use of Touch ID that goes beyond simply logging into an application. Strafach explained that this “provides a cryptographically secure and verified mechanism for verifying that a user themselves is in possession of a device. There is no workaround besides using the genuine fingerprint of the user due to the way we have leveraged PKI (Public Key Infrastructure) and the device’s built-in Secure Enclave to undoubtedly verify device possession.”
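The article does not show how Apollo implements this check, so the following is an added example, written for this page and not Sudo Security Group’s code, of the general pattern the quote describes: a P-256 key pair whose private half is generated inside the Secure Enclave, gated on the currently enrolled fingerprint, is used to sign a server-issued nonce; the server verifies the signature against the public key captured at enrollment and rejects stale nonces. The key tag, the `PossessionError` type, the nonce transport and the two-minute freshness window are all assumptions of this example. It uses the modern `.biometryCurrentSet` flag (the iOS 9-era equivalent was `.touchIDCurrentSet`), so it needs iOS 11.3 or later and a physical device, since the Secure Enclave is not available in the simulator.

```swift
import Foundation
import Security
import LocalAuthentication

// Hypothetical application tag; not taken from the article or any real product.
let possessionKeyTag = "com.example.apollo-style.possession-key".data(using: .utf8)!

enum PossessionError: Error { case keyCreation(String), signing(String), export, notFound }

/// Enrollment: create a key pair whose private half never leaves the Secure Enclave
/// and can only be used after the *currently enrolled* biometrics are presented.
/// `.biometryCurrentSet` permanently invalidates the key if the enrolled fingerprints
/// change, so re-enrolling a different finger does not unlock it.
func createPossessionKey() throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,   // never migrates to another device
        [.privateKeyUsage, .biometryCurrentSet],
        &error) else {
        throw PossessionError.keyCreation((error!.takeRetainedValue() as Error).localizedDescription)
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: possessionKeyTag,
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw PossessionError.keyCreation((error!.takeRetainedValue() as Error).localizedDescription)
    }
    return key
}

/// Enrollment: export the public half (X9.63 uncompressed point) to register it with
/// the server. Only the public key ever leaves the device.
func exportPublicKey(of privateKey: SecKey) throws -> Data {
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          let raw = SecKeyCopyExternalRepresentation(publicKey, nil) else {
        throw PossessionError.export
    }
    return raw as Data
}

/// Later launches: look the enrolled key up again. The LAContext carries the prompt the
/// user sees when the Secure Enclave asks for the fingerprint.
func loadPossessionKey(reason: String) throws -> SecKey {
    let context = LAContext()
    context.localizedReason = reason
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationTag as String: possessionKeyTag,
        kSecReturnRef as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let key = item else { throw PossessionError.notFound }
    return key as! SecKey
}

/// Device side of the periodic check: sign the nonce the server sent. This call blocks
/// until the user passes Touch ID; without a matching fingerprint the enclave refuses
/// to sign, so a stolen device cannot produce a valid response.
func signPossessionChallenge(nonce: Data, with key: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(key, .ecdsaSignatureMessageX962SHA256,
                                                nonce as CFData, &error) else {
        throw PossessionError.signing((error!.takeRetainedValue() as Error).localizedDescription)
    }
    return signature as Data
}

/// Server side (shown in the same file only for illustration): the nonce must be one
/// the server issued recently, and the signature must verify under the enrolled public
/// key. A failed or missing check within the policy interval (every 5 days in the
/// article's example) is what should trigger the "dead man's switch" remediation.
func verifyPossession(nonce: Data, issuedAt: Date, signature: Data,
                      enrolledPublicKey: Data, maxAge: TimeInterval = 120) -> Bool {
    guard Date().timeIntervalSince(issuedAt) <= maxAge else { return false }  // stale or replayed
    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeyClass as String: kSecAttrKeyClassPublic,
    ]
    guard let publicKey = SecKeyCreateWithData(enrolledPublicKey as CFData,
                                               attrs as CFDictionary, nil) else { return false }
    return SecKeyVerifySignature(publicKey, .ecdsaSignatureMessageX962SHA256,
                                 nonce as CFData, signature as CFData, nil)
}
```

The defensive point of the design is that the signing key is non-exportable and biometric-bound, so possession is proven by the enclave rather than by anything an app or a copied backup could reproduce; the server, for its part, must generate the nonce itself and enforce freshness, or a captured response could be replayed at the next check-in.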
The enterprise system also has a simple method for blocking employee access to certain types of applications. For example, a CTO could ensure that employees using a device with the Apollo platform cannot install apps that access contacts or retrieve GPS data. Strafach tells us that the system is customizable to either completely block installation or simply send a warning to the individual employee. He adds that the server used for analyzing applications would need to be hooked into a company’s on-premise or cloud-based server infrastructure. His team, however, also hopes to roll out a small business version in the future that works around this current requirement.
Due to App Store limitations, Strafach says that the aforementioned consumer application cannot actually read which other apps a user has installed, so its capabilities revolve around checking for malware in the OS and connections to malicious servers. In our interview, Strafach touched upon this and the general App Store approval process:
In the consumer-level app, we have indeed been able to be creative about adding useful detections in an App Store compliant way. But there are certain things which are off-limits to the allowed APIs, as everyone knows, so that is one way our enterprise offering ties into this. The Apple MDM Enterprise APIs allow gathering more information than what App Store compliant APIs allow, so we have leveraged this to benefit users as well. The company wants data to be kept secure and assure sensitive data cannot leak out, so part of this involves utilizing our binary analysis engine to assure that certain invasive apps won’t be loaded on devices. If we are already doing that though, it made sense to us to take this a step further: We have added detections which companies may not care as much about, but which a user absolutely would in terms of their privacy, such as applications which send your location or gender to advertising providers. This increases the incentive for employees to enroll their devices in their employer’s BYOD program as it can actually benefit them, allowing us to distance our offering further away from the current notion of being a “big brother” type solution that is forced onto devices, and instead create an experience that benefits both sides.
Strafach tells us that his company plans to release the enterprise system during the first half of 2016. Special pilot programs and a beta of the free consumer application will become available for 9to5Mac readers in the near future. A website to register interest is also now live, and it will soon be updated with additional information on the platform.