iOS Security Model
iOS provides security right from the hardware level. It extends to System Security maximizing security of OS. Data security safe guards user data with encryption. Moving further App Security guarantees apps are free of known malware.
Here we’ll talk about iOS security categorizing it into below 3 sections.
- System Security
- Data Security
- App Security
System Security
- iOS Secure boot chain
when an iOS device is turned on, it immediately executes code from BOOT ROM which is a read-only memory, known as Hardware Root of trust, is laid down during chip fabrication, and is implicitly trusted. This also contains the Apple root certificate with public key and uses it to verify that the low-level boot loader is properly signed and has not been tampered before loading. LLB verifies the iBoot and iBoot verifies iOS kernel before starting it.
This process ensures lowest levels of software are not tampered and iOS running only on valid Apple devices.
2. System Software Authorization
Apple regularly releases software updates to address emerging security concerns and prevents devices being downgraded to older versions that lacks latest security updates.
3. SEP (Secure Enclave Processor)
Secure Enclave Processor is a co-processor fabricated within the system on chip. It runs its own OS, undergoes secure boot process separate from the rest of the device and receives its system updates independent of the other CPU components. The purpose of the SEP is to handle keys and other info such as bio-metrics and prevents main processor from gaining direct access to sensitive data.
4. Touch ID
Scans fingerprint and store mathematical representation of it in SEP.
5. Face ID
Uses True Depth camera system to accurately map the geometry of the face, use neural networks for determining attention, matching, and anti-spoofing. Data are digitally signed and sent to the SEP.
Data Security
- Device ID and Group ID
Each device has its unique ID(UID) and a device group ID(GID) which are AES 256-bit keys compiled in to the application processor and SEP during manufacturing. No Software or hardware can access them directly. UID allows data to be tied to a particular device, hence if the memory chip is physically moved to another device, the encrypted files will not be accessible.
2. File Level Protection
iOS protects the file data by constructing and managing a hierarchy of keys in conjunction with hardware encryption engine. All keys are stored in SEP.
3. Key chain data protection
The iOS Keychain can be used to securely store short, sensitive bits of data. eg: encryption keys and session tokens.
App Security
- App code signing
App code signing ensures that code is coming from a specific legitimate source/ developer (ensures authenticity) and code has not been altered since it was signed.
2. App Updates
App updates are available to supported devices for security fixes and functionality enhancements.
3. App Sandbox
All third party apps are “sandboxed” and restricted from accessing files stored by other apps and making any changes to the device. Each app has got a “unique home directory” for its files and it is randomly assigned when app is installed.
Based on iOS 9.3, third party apps are located in
- /private/var/containers/Bundle/Application/<unique id>
- /private/var/mobile/Containers/Data/Application/<unique id>
Apple apps are located in /Application
4. Run time process security
- iOS Address Space Layout Randomization(ASLR)
Primarily used to protect against buffer overflow attacks. Buffer overflows require an attacker to know where each part of the program is located in memory. ASLR randomizes the locations of different parts of the program in memory. Every time the program is run, components are moved to a different address in virtual memory. So attackers can no longer learn where their target is to inject malicious data in to the payload.
- iOS Data Execution Prevention (DEP)
All pages in memory are marked as writable or executable but not both.
- Stack Smashing Protection
Canary value is placed after the local variables to detect buffer overflows
- Automatic Reference Counting
ARC keeps track of class instances and decides when it’s safe to deallocate the class instances it monitors. It does this by counting the references of each class instance.
5. App Store Review
Apple reviews apps before publish them in app store for users to download to ensure that apps are free of known malware and haven’t been tampered with.