iOS security Stories August 10, 2013

While many of us know about and use the simple four digit passcode or more complex alphanumeric passcode to secure the data on our iOS devices, I recently discovered an interesting option built right into the system that I find to be more secure than a simple passcode and more convenient than an alphanumeric passcode.

As mentioned in a recent episode of the Mac Power Users podcast, you can make your passcode more complex without complicating it by using more than 4 digits without involving letters and still using the num pad. expand full story

iOS security Stories July 27, 2012

Apple’s Black Hat presentation on iOS security disappoints, rehashes old white paper

We told you earlier this week that Apple would send for the first time one of its employees, a manager for the platform security team, Dallas De Atley, to speak at the Black Hat conference on iOS security. Unfortunately, while many hoped we would get an inside look at iOS security technologies, a wrap up of the event from The New York Times described the talk as “the equivalent of reading aloud a white paper, timed to a PowerPoint deck, before escaping out a side door.” According to several reports, most of what was covered came from a recently published white paper.

As for what Atley said:

“Our attitude is: security is architecture. It has to be built in from the very beginning,” Mr. De Atley said. In building the iPhone, he said, Apple took a bare-bones approach and sought to use the minimum number of components. Apple purposefully decided not to ship the phone with a shell, or support remote log-in access. “There’s an entire set of attack vectors we don’t have to fundamentally worry about on iOS,” he said.

Mr. De Atley highlighted a number of “sandboxing” technologies Apple had in place. “The goal is to physically isolate and separate processes from each other so that if one has a flaw, it can’t easily wreak havoc on the rest of the system.”

As examples, he noted that all third-party apps were stored in their own container on users’ devices. User data is kept partitioned from the device’s operating system so that any updates to the system do not affect the user’s personal data. He added that every single file created on the iPhone gets its own encryption key and is wrapped in the user’s passcode.

Powered by WordPress.com VIP