Security Experts:

Apple (Barely) Pulls Security Covers Back at Black Hat

Black Hat 2012

In a talk at Black Hat, Apple's Dallas De Atley Shared Few New Details; Disappoints Attendees

Apple has not always been the most open company when it comes to discussing security. But for roughly an hour Thursday, Dallas De Atley, manager of the platform security team at Apple, stood in front of a crowd of attendees at the Black Hat USA conference and outlined the company's approach to protecting iOS.

When Apple began designing the iPhone, he said, the company quickly realized there were aspects to developing a secure smartphone that were different from other computers at the time. That idea helped drive the phone's security model.

"Security is architecture - you have to build it from the very beginning," he said.

Unlike a laptop, a phone is "always connected" and "does not fully go to sleep" like a laptop would if a user closed the lid, he said. The fact that a smartphone can contain a significant amount of personal data and be easily misplaced also played an important role in Apple's approach, he added.

Starting with Apple's Secure Boot chain and continuing on to the topics of code signing and sandboxing, De Atley did not cover any unexpected ground; instead, he largely rehashed material from a whitepaper Apple released in May.

While Google Android has been the focus of attention for much of the malware in the mobile world, the iPhone has not been without its challenges. The company's approach has not stopped researchers from poking around and trying to figure out ways to circumvent Apple's protections. In fact, a number of talks at Black Hat covered exactly that, attempting to poke holes in the iOS security blanket in order to steal data from the phone.

"The phone has personal data," he said. "It knows who you call, who you send email to, what websites you visit (and) what games you play. These devices know an awful lot about how we live our lives, and they've become a critical part of how we interact with people."

Subscribe to the SecurityWeek Email Briefing
view counter
view counter