3 hours 58 minutes

Video Transcription

So now that we've examined the iOS architecture, let's dig into some iOS security features.
So in my opinion, if there's one thing Apple takes pride in, it is the overall security of its products. I would even say that this is one of the reasons why Apple has such a low rate of malware infections. Now, Apple accomplishes this not only by building security into their hardware, software and data protections,
but they also have decided not to include support for pieces of software
that are constantly riddled with vulnerabilities, like Java or Flash.
What might surprise you is that even their movie files and other files like PDFs are only partially supported. So while these may not be popular choices to the overall user community, it does reduce the overall attack surface that attackers could use to compromise an iOS device.
In general, we can understand iOS security by breaking its features into groups.
Now, although I list them here as system, application and data security, really the features of iOS work together to offer comprehensive security protection for a device running iOS.
When Apple was designing iOS, they analyzed the attack surfaces present in its Mac OS and designed an architecture that tightened the mobile system and protected the entire device. This is presented here in the iOS security architecture diagram. But not only does iOS protect the device and its data at rest, but the entire ecosystem.
This includes everything users do locally
on networks and even on the Internet.
These features are present within the hardware of the device, which utilizes higher layers of abstraction to interface with the software higher in the stack.
The first set of features we'll examine is system security. So when we discuss system security of an iOS device, we're talking about how the device boots up, its operating system protection systems, software authorizations and data protection mechanisms.
To summarize, the hardware on the device works with the Secure Enclave to create a chain of system integrity and verification from the boot process
to the running of iOS. If any of these processes fails, the device will boot into DFU mode or ask to be restored. The Secure Enclave is quite complex, and we won't really dive into it here. But all you really need to know is that it's there and provides all cryptographic operations for data protection and handles the key management
of the hardware. The device contains an imprinted key which is implicitly trusted during the manufacturing of the device, and it's verified by the Secure Enclave during the boot process.
The data on the device is protected using AES-256 encryption, which is performed by the crypto engine. The AES keys are fused into the hardware and are accessed by the Secure Enclave via direct memory management,
or direct memory access.
Data protection is enabled when a user enables a passcode, Touch ID and/or Face ID.
Data protection works by taking the user's passcode, which is entangled with the unique hardware device ID. This process results in a key used to encrypt the data on the device at rest.
Lastly, system security includes software authorizations and integrity verifications to prevent older versions of iOS from being loaded on a specific device.
Next, we'll take a look at application security. These features are the most important to us as we analyze malware, so let's cover them here and then discuss them further as we dissect applications later.
So to ensure application security, all code within an application must be signed by Apple. This verifies that the code has come from an approved source and hasn't been tampered with. iOS goes on to enforce this by using an Apple-signed certificate and also by checking other loaded libraries
within the application's memory address space.
All applications perform runtime security protection by operating within their own dedicated sandbox and running as an unprivileged user. So you may be asking yourself, well, wait a second, don't my apps share data all the time? Well, the answer is yes, yes, they do.
If an application needs access to information in another application or part of the system, say, for example, the address book,
special binaries called extensions are packaged into the application to perform this function. The runtime security is maintained because extensions operate within their own framework and don't have access to each other's address space. You can really think of these extensions as a message handler.
Application security is also maintained through the use of app groups. App groups allow the developers of a certain family of applications to share content. This allows apps to create a shared volume, and preferences and keychains too can be shared.
Lastly, the iOS Software Development Kit provides a suite of APIs to adopt data protection techniques. Speaking of data protection, as we've mentioned, data security and protection methods are implemented by hardware and software throughout the security stack. Some features we've already mentioned, such as encryption and passcodes,
and they're there to protect data in the event other areas of the security infrastructure may have been compromised.
In addition to encryption, iOS implements file protection, a method to protect data stored in flash memory when it's in use by the system apps such as the calendar or contacts. Although we won't cover it in this course, the file protection method is implemented using a key wrap construction,
which is a type of symmetric encryption algorithm designed to protect cryptographic key material.
iOS also implements keychains, which are secure containers for holding sensitive bits of data such as login tokens and keys. These are also encrypted using AES-256. Lastly, keybags are a data structure used to store a collection of class keys.
Class keys are used during the file protection process, and they're used in the key wrapping algorithms.
Keybags are also protected with encryption keys generated by the underlying hardware. Okay, while that's a lot to take in, I hope you're still with me. I know the security architecture is a bit confusing. We've mentioned keys so many times that it's tough to know which key goes to which lock.
Well, the good news is that for now, we only need to be aware of the protections and not really know them in depth.
Nevertheless, we can see that Apple has really taken security seriously. As far as malware analysis is concerned, you'll see a bit later that these protections make our lives a bit more complicated.
So let's wrap up the security architecture discussion with some brief words on network security.
So Apple includes many networking security features to keep information secure as it travels to and from an iOS device.
To achieve network security, Apple has employed many mature networking technologies and commonly supported networking protocols in its iOS devices. In most cases, these network protections are enabled by default. For example, when apps such as Mail and Safari send or receive data, TLS is the default protocol used to communicate.
Apple also utilizes common, mature technologies to connect to different networks, such as virtual private networking and Wi-Fi; both of their implementations support industry-standard protocols, encryption and authentication methods. Bluetooth has also been designed with security in mind, as it utilizes encryption protections and service-level security.
Lastly, Apple has built upon Bluetooth technology to create many new features, such as AirDrop and Wi-Fi sharing, which also employ encrypted data transmissions between paired devices. As it regards malware analysis, the biggest takeaway here is that when we look at the networking components of applications,
they will most likely implement some type of networking security features
utilizing well-documented networking technologies.


Mobile Malware Analysis Fundamentals

In the Mobile Malware Analysis Fundamentals course, participants will obtain the knowledge and skills to perform basic malware analysis on mobile devices. Participants will perform these tasks by learning and implementing tools and techniques while examining malicious programs.

Instructed By

Brian Rogalski
CEO of Hexcapes