Apple had never taken the stage at the Black Hat conference to explain iOS security. That changed last week, when Apple Platform Security Manager Dallas De Atley took the stage and explained in great detail how iOS is built for security from the ground up.
“iOS is different than Mac,” De Atley said. “The baseband components are always on for notifications, the device never fully goes to sleep and the phone is always connected.”
De Atley added that with iOS there is always networking infrastructure that is aware of the device and can send it data as well.
“The phone knows a lot about how we live our lives and it has a lot of personal data,” De Atley said. “We thought about all these things when building the iOS operating system.”
The security of iOS starts with a Secure Boot model. De Atley explained that secure boot allows the device to trust the kernel it is running. He noted that the iOS kernel is the ultimate authority for allowing things to run, and secure boot is how the device and its users can trust the phone.
Secure Boot is built right into the Apple A5 processor that powers iOS devices. The boot ROM on the A5 holds a fingerprint of Apple's root Certificate Authority. De Atley explained that this allows the boot ROM to validate all the components on an iOS device. Apple digitally signs each piece of the firmware so that a chain of trust can be established as the device is booting.
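The chain of trust described above can be modelled in a few lines. This is an added example, not Apple's code: the toy RSA key, the stage names and the choice to sign every stage directly with the root key are assumptions made to keep it self-contained.

```python
import hashlib

# Toy RSA root key (constructed for this example; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of the image, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(image: bytes) -> int:
    """Vendor side: sign a firmware image with the root private key."""
    return pow(digest_int(image, N), D, N)

def fingerprint(pub) -> str:
    """Hash of the root public key; the value fixed in the boot ROM."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

ROM_FINGERPRINT = fingerprint((N, E))  # immutable once the chip is made

def boot(root_pub, stages):
    """Device side: return (stages_run, error); stop at the first failure."""
    if fingerprint(root_pub) != ROM_FINGERPRINT:
        return [], "root key does not match ROM fingerprint"
    n, e = root_pub
    run = []
    for name, image, sig in stages:
        if pow(sig, e, n) != digest_int(image, n):
            return run, f"bad signature on {name}"
        run.append(name)  # only now would control pass to this stage
    return run, None

def make_stages():
    """Constructed sample firmware: two signed stages (hypothetical names)."""
    images = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1")]
    return [(name, img, sign(img)) for name, img in images]

if __name__ == "__main__":
    good = make_stages()
    print(boot((N, E), good))                      # both stages run
    tampered = [good[0], ("kernel", b"kernel v1 + implant", good[1][2])]
    print(boot((N, E), tampered))                  # stops before the kernel
    print(boot((N + 2, E), good))                  # substituted root key
```

A modified kernel image fails verification even though the earlier stage has already run, and a substituted root key is rejected before any signature is checked.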