This long and comprehensive story at MIT’s Technology Review provides a great deal of information about the iPhone’s journey from security joke to a device that so well protects its data that the feds are concerned that they won’t be able to recover information stored on it by criminals.
The initial iPhone was released in June 2007. According to the story, it allowed root privileges to each application. That, to say the least, was a big problem. The story traces the fast maturation of the iPhone. The first big step was sandboxing and the use of the Advanced Encryption Standard (AES). The writer explains what that is, why it is so powerful and how it relates to the iPhone and the iPad.
The story from Simson Garfinkel offers a level of detail that makes it worthwhile to read. Apple — and the security vendors with which it and other device makers work — clearly has done its jobs well:
In fact, in its efforts to make its devices more secure, Apple has crossed a significant threshold. Technologies the company has adopted protect Apple customers’ content so well that in many situations it’s impossible for law enforcement to perform forensic examinations of devices seized from criminals. Most significant is the increasing use of encryption, which is beginning to cause problems for law enforcement agencies when they encounter systems with encrypted drives.
Garfinkel’s story is a good scene-setter for the news — which apparently was considered significant in security circles — that Apple late last month spoke for the first time at the Black Hat conference. Black Hat, which has been held for 15 years, is considered the most important event on the security circuit. The news was a mixed bag: The very fact that Apple appeared was considered a significant move. However, the presentation itself left people disappointed, according to Bloomberg:
By re-hashing known issues, Apple may have missed a chance to engage on a deeper level with researchers about its efforts to protect users’ data. Yet for a company that has been loath to even acknowledge that its products could have security issues, De Atley’s appearance is a reminder that getting big companies and hackers together is sometimes a process that moves ahead in small steps.
The excerpt refers to Dallas De Atley, the manager of Apple’s platform security team. The piece says that the presentation largely regurgitated a white paper posted by the company in March and said that De Atley didn’t take questions after his prepared remarks.
The bottom line is that Apple is paying a lot more attention to security, though it clearly doesn’t like talking about it. That attention is extending to how users interact with their iPad or iPhone. Here, in a well-done short video from Kaspersky’s Brian Donohue, the various layers of protection from which consumers can choose are described. The bottom line is that between the security measures Apple is building into the guts of iOS and the options it is making available by choice, iPhones and iPads are well protected.