Attend IT Blog

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Are Apple Devices Immune to Threats? Don’t Bet On It

Are Apple Devices Immune to Threats? Don’t Bet On It

For a very long time, Apple has been requested to share a workaround for their platform security with law enforcement, which the company has refused outright. Their argument has been that doing so would inherently undermine their lauded security. Well, the feds have given up asking, because they went ahead and developed a workaround themselves… and in doing so, have revealed that iOS isn’t quite as secure as it was purported to be.

Let’s discuss this means for your business’ security.

The Discovery

In mid-January, a team of cryptography researchers published a report that detailed their findings after closely examining the security measures that were implemented in modern mobile devices. Their study, entitled Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, sought to determine three things:

  1. What security measures are currently in place to help deter unauthorized access to user data
  2. How unauthorized access is obtained on modern devices
  3. How mobile security can be improved to prevent unauthorized access moving forward

After an in-depth analysis of both platforms, the results were clear, but could still surprise a loyalist to Apple and their reputation for untouchable security. While both operating systems performed admirably, neither Android nor iOS had extensive enough security preparations—enabling anyone who had the right equipment, so to say, to access the operating systems.

While the report did state that the researchers were able to “find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption” in iOS, these tools simply were not used consistently enough to sufficiently secure these devices.

Android’s issue laid more in the diversity of phones and manufacturers that Android can be found in, with lacking communications between Google and phone developers, slowly implemented updates, and differences in software architecture leading to inconsistencies in the platform’s security and privacy controls. Both platforms share a weakness where their data is synchronized with cloud services.

Mind you, these are all vulnerabilities in the physical device and its software infrastructure itself. In the rest of the report, the researchers detailed the specific vulnerabilities that each platform presents.

Apple-Specific Weaknesses

Apple enables users to securely store their data in its iCloud cloud solution, but according to these researchers, that’s not all the data that Apple takes possession of. When the service is initially activated, a ton of other user data is sent to Apple, where it is remotely accessible by lawbreakers and law enforcement alike (although one of these parties would need a subpoena for it).

Adding to the security concerns, the defenses that Apple had included in their devices against unauthorized use even seem to be less effective than originally thought. Based on analysis of available evidence, the research team hypothesizes that a tool has existed since 2018 that enables an attacker to bypass these protections and effectively guess a user’s passcode.

Android-Specific Weaknesses

Android presented some serious problems in its local data protection measures. One glaring example can be found in Android’s equivalent of Apple’s Complete Protection encryption (which removes decryption keys from the device’s memory after it is locked). The big difference between Apple’s solution and Android’s solution is that Apple’s solution exists, whereas Android retains these keys—making them easily capturable.

Hence, why the Federal Bureau of Investigation can access either platform without assistance.

What Does All This Mean?

Frankly, while these discoveries are unwelcome, they aren’t all that surprising.

It is never wise to assume that data is inherently safe, just because it happens to be stored on a particular brand of device. There is no such thing as impenetrable security, so you need to do everything you can to make sure the data that your business possesses—that your users might have access to from their devices—remains protected.

This means that you should implement every tool available to reinforce security around the devices your employees access work documents and resources with. This implementation should involve all company-owned devices, as well as those belonging to your employees that are used in a Bring Your Own Device strategy. The capability to remote wipe a device of sensitive data is not something to take lightly.

Of course, you also need to reinforce the importance of an employee keeping track of their device in the first place. While losing a mobile device is obviously a bad thing on principle alone, losing one with access to sensitive data is worse.

Attend IT Limited is here to help you see to your devices and the proper management of such. To find out more about what we can do, reach out to our team at 020 8626 4485.

What Bases Should a BDR Cover?
What Should We Expect the Workplace to Look Like A...
 

Mobile? Grab this Article!

Qr Code

Tag Cloud

Technology Security Business Computing Productivity Network Security Cloud Best Practices Tip of the Week Business Managed IT Services Data Data Backup Data Recovery Hackers IT Services IT Support Innovation communications Hosted Solutions Disaster Recovery Software Backup Privacy VoIP Cybersecurity Malware Mobile Devices Small Business Efficiency Internet Saving Money Email Business Continuity Computer Cloud Computing Phishing Collaboration Hardware Business Management Outsourced IT Microsoft BDR Automation Information Technology User Tips Ransomware Productivity Smartphones IT Support Compliance Internet of Things Users Workplace Tips Workplace Strategy Quick Tips Smartphone Server Artificial Intelligence Communication Upgrade Risk Management Wi-Fi Mobile Device Management Network Managed IT Mobility Managed IT services Budget Training Spam Meetings Employee-Employer Relationship Covid-19 Gadgets Passwords BYOD Managed Service Provider Google Save Money Wireless Password Mobile Device Networking Human Resources Remote Avoiding Downtime Document Management Android Printing Information Windows 7 Remote Workers Social Media Microsoft Office VPN Remote Computing Chrome History Hosted Solution Router Instant Messaging Firewall Content Filtering Computers Data Management Cost Management Windows 10 Project Management MSP Monitoring Managed Service Virtual Private Network Help Desk Time Management Remote Work Video Conferencing Laptop Marketing Recovery Telephone Systems Government End of Support Hacker Personal Information Hard Drives Solid State Drive Current Events Encryption Battery Automobile Telephony Big Data Two-factor Authentication Audit Office Employer-Employee Relationship Value Saving Time Data Breach Data Storage Data Security Mobile Software as a Service Conferencing Redundancy Maintenance Devices Tech Term Proactive Computing Wireless Internet Hybrid Cloud Business Technology Printers IT Service Machine Learning Paperless Office Backup and Disaster Recovery Voice over Internet Protocol Mobile Office Manufacturing Customer Relationship Management AI Printer Managed Services Mobile Computing Proactive IT Social Engineering Transportation Going Green Browser Applications Private Cloud Operating System iPhone Health Windows Money Facebook Administration Colocation Windows 10 Advertising PDF Apps Legal Wireless Technology Flexibility Update Cybercrime Black Market Virtualization Shadow IT Disaster Education Application Save Time Work/Life Balance Office 365 Antivirus Holiday Entertainment HIPAA Phone System Analytics Electronic Medical Records Cleaning Hacking Smart Technology Vendor Management Samsung Company Culture App SaaS Upgrades Vulnerability The Internet of Things Dark Web Nanotechnology OneNote Business Intelligence Managed IT Service Data Protection Commerce Regulation Professional Services Travel Word Apple User Error Data Loss File Sharing Storage Lifestyle Evernote Workers Spyware intranet Blockchain IoT Analysis Chromebook Smart Tech Connectivity Streaming Media Content Filter Management Financial Technology Gamification Students Unified Communications Remote Monitoring Wasting Money Amazon Virtual Assistant Alexa for Business WPA3 File Storage Bandwidth Vendor Telephone Utility Computing Payroll SMB Downtime E-Commerce Payment Cards Break/Fix e-waste Employees Smartwatch Development Azure Active Directory Windows Server Cybersecurty Window 10 Online Storage Fiber Optics Windows Server 2008 Copiers Voiceover Internet Protocol Business Telephone Computer Repair Troubleshooting CRM Workstations Outsource IT PCI DSS Regulations Compliance Cost Remote Working Leadership Bitcoin Finance Infrastructure Videoconferencing Streaming Customer Service Copier Authentication Hiring/Firing RMM Windows 11 Cabling Going Paperless Inventory Management Employer/Employee Relationships Outsourcing How To Microsoft Outlook Files Regulations Paperless Solutions Microsoft 365 Strategy Consulting Decision Making Ergonomics Signage Customer Experience Robot Google Drive Miscellaneous Alert Law Enforcement Reputation Social Relocation Search Internet Exlporer Text Messaging Office Tips HaaS Video Games Scalability Humor How To Best Practice USB Virtual Reality Managing Stress Point of Sale Identity Theft Worker Commute Politics Experience Music Books Safety Emergency Worker Scam Computer Accessories Charger Computer Care Unsupported Software Television Business Strategy WiFi Unified Threat Management Consultant Touchscreen Emails Webinar IT solutions Windows 10s Hard Disk Drive iOS Computer Fan Root Cause Analysis Augmented Reality CrashOverride Settings Screen Mirroring Cast HBO IT Management IT Solutions WIndows Server 2008 Patch Management Outlook Shortcut Excel Sync Adobe Licensing Tablets NFL Windows Ink Google Maps Google Docs Microsoft Excel Sports Cortana Legislation Comparison Specifications Sales Retail Gifts Credit Cards FAQ Wireless Charging WannaCry Updates Microsoft Word eWaste Device Security Tech Support Fraud Edge Ciminal IT budget Identities Language Virus Websites Data Theft App store Mobile Security Identity Data Privacy Hard Drive Google Assistant Twitter Computer Forensics Gmail PowerPoint Memory Financial Bring Your Own Device Testing Camera Projects Display Co-Managed Services Hyperlink Wasting Time Accessory Peripheral Access Control Admin Keyboard Shortcuts Security Cameras Employee 5G Medical IT YouTube OneDrive Sabotage PC Server Maintenance Investment ROI Windows Server 2008 R2 Micrsosoft Digital Signage Processor Benchmarks Myths Threats Scams Managed Services Provider Facebook Privacy eCommerce Holidays Inventory Communitications Hosted Desktop Smart Devices Keyboard Net Neutrality Internet Service Provider Workstation Telework Audits Solutions Policy Procedure Organization Innovations Reviews Biometrics Computer Tips Work Windows 8.1 Voice Supply Chain Environment Workplace Strategies Print Management Healthcare SSD Remote Management Telephone System Print Database 2FA Virtual Desktop Proactive Management eSignature Cyberattack Cameras Digital Cameras Mixed Reality Displays