iOS Security - Apple

Apple Goes Open Kimono on iOS Security

Apple normally stays very quiet when it comes to discussing the security mechanisms of its products.  Anyone who reads Optimal Security knows I’m not a fan of that approach. I believe it’s irresponsible. But, it’s time to give credit where credit is due. Apple has released a document that will make life a little easier for anyone responsible for securing iOS devices.

The document, titled iOS Security, provides details on the system architecture, encryption and data protection, network security features and device access for iOS devices. If you develop policies and/or mechanisms for BYOD security, this is recommended reading.

From the Apple iOS Security document:

“This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks.”

• System architecture: The secure platform and hardware foundations of iPhone, iPad, and iPod touch.
• Encryption and Data Protection: The architecture and design that protects the user’s data when the device is lost or stolen, or when an unauthorized person attempts to use or modify it.
• Network security: Industry-standard networking protocols that provide secure authentication and encryption of data in transmission.
• Device access: Methods that prevent unauthorized use of the device and enable it to be remotely wiped if lost or stolen.”

Is Apple now recognizing the growing threats their products face? Prior to this, security researchers have traditionally had to rely on reverse engineering Apple’s products to better understand their security mechanisms. This new “Open Kimono” approach to iOS Security is a welcome and refreshing effort. I hope we will see more of the same.

Download (PDF)


Visto en blog.lumension.com