Apple’s iPhone may be the world’s most secure device. Apple designed the operating system and manages the apps it approves in such a way as to create what is widely described in the tech community as a walled garden.
Here’s the problem: Like all defensive walls, only the most sophisticated, most advanced enemy can get it. But once in, those walls make it equally challenging for defenders to root them out.
“It’s a double-edged sword,” Bill Marczak, a senior researcher at the cybersecurity watchdog Citizen Lab, tells MIT Technology Review. “You’re going to keep out a lot of the riffraff by making it harder to break iPhones. But the 1% of top hackers are going to find a way in and, once they’re inside, the impenetrable fortress of the iPhone protects them.”
He says that as Apple makes the iPhone ever more secure and difficult to hack, attackers aren’t just sitting back. They are developing ways to take over an iPhone invisibly.
“These allow attackers to burrow into the restricted parts of the phone without ever giving the target any indication of having been compromised. And once they’re that deep inside, the security becomes a barrier that keeps investigators from spotting or understanding nefarious behavior,” writes article author Patrick Howell O’Neill.
According to O’Neill, Apple’s security measures force defenders to look for indirect clues to the safety of a device. iVerify, one of the few Apple-approved security tools, looks for anomalies such as unexplained file modifications to detect breaches.
Now, the security Apple has designed into its iPhone ecosystem is spreading to other of the company’s products, notably the Mac.
Says security researcher Patrick Wardle, “Apple saw the benefits and has been moving them over to the Mac for a long time, and the (special) M1 chip is a huge step in that direction.”
Though Apple’s rules are intended to protect users’ privacy and prevent malicious intrusion, the article says hackers are “creating code that exists in a place where Apple doesn’t allow outside security tools to pry. It’s a game of hide-and-seek for those with the greatest skill and most resources.
‘Security tools are completely blind, and adversaries know this,’ Wardle says.”
O’Neill tells us there is no likely fix to the problem. Apple, he says, “Argues that no one has convincingly demonstrated that loosening security enforcement or making exceptions will ultimately serve the greater good.”