Attend IT Limited Blog

Are Apple Devices Immune to Threats? Don’t Bet On It

Are Apple Devices Immune to Threats? Don’t Bet On It

For a very long time, Apple has been requested to share a workaround for their platform security with law enforcement, which the company has refused outright. Their argument has been that doing so would inherently undermine their lauded security. Well, the feds have given up asking, because they went ahead and developed a workaround themselves… and in doing so, have revealed that iOS isn’t quite as secure as it was purported to be.

Let’s discuss this means for your business’ security.

The Discovery

In mid-January, a team of cryptography researchers published a report that detailed their findings after closely examining the security measures that were implemented in modern mobile devices. Their study, entitled Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, sought to determine three things:

  1. What security measures are currently in place to help deter unauthorized access to user data
  2. How unauthorized access is obtained on modern devices
  3. How mobile security can be improved to prevent unauthorized access moving forward

After an in-depth analysis of both platforms, the results were clear, but could still surprise a loyalist to Apple and their reputation for untouchable security. While both operating systems performed admirably, neither Android nor iOS had extensive enough security preparations—enabling anyone who had the right equipment, so to say, to access the operating systems.

While the report did state that the researchers were able to “find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption” in iOS, these tools simply were not used consistently enough to sufficiently secure these devices.

Android’s issue laid more in the diversity of phones and manufacturers that Android can be found in, with lacking communications between Google and phone developers, slowly implemented updates, and differences in software architecture leading to inconsistencies in the platform’s security and privacy controls. Both platforms share a weakness where their data is synchronized with cloud services.

Mind you, these are all vulnerabilities in the physical device and its software infrastructure itself. In the rest of the report, the researchers detailed the specific vulnerabilities that each platform presents.

Apple-Specific Weaknesses

Apple enables users to securely store their data in its iCloud cloud solution, but according to these researchers, that’s not all the data that Apple takes possession of. When the service is initially activated, a ton of other user data is sent to Apple, where it is remotely accessible by lawbreakers and law enforcement alike (although one of these parties would need a subpoena for it).

Adding to the security concerns, the defenses that Apple had included in their devices against unauthorized use even seem to be less effective than originally thought. Based on analysis of available evidence, the research team hypothesizes that a tool has existed since 2018 that enables an attacker to bypass these protections and effectively guess a user’s passcode.

Android-Specific Weaknesses

Android presented some serious problems in its local data protection measures. One glaring example can be found in Android’s equivalent of Apple’s Complete Protection encryption (which removes decryption keys from the device’s memory after it is locked). The big difference between Apple’s solution and Android’s solution is that Apple’s solution exists, whereas Android retains these keys—making them easily capturable.

Hence, why the Federal Bureau of Investigation can access either platform without assistance.

What Does All This Mean?

Frankly, while these discoveries are unwelcome, they aren’t all that surprising.

It is never wise to assume that data is inherently safe, just because it happens to be stored on a particular brand of device. There is no such thing as impenetrable security, so you need to do everything you can to make sure the data that your business possesses—that your users might have access to from their devices—remains protected.

This means that you should implement every tool available to reinforce security around the devices your employees access work documents and resources with. This implementation should involve all company-owned devices, as well as those belonging to your employees that are used in a Bring Your Own Device strategy. The capability to remote wipe a device of sensitive data is not something to take lightly.

Of course, you also need to reinforce the importance of an employee keeping track of their device in the first place. While losing a mobile device is obviously a bad thing on principle alone, losing one with access to sensitive data is worse.

Attend IT Limited is here to help you see to your devices and the proper management of such. To find out more about what we can do, reach out to our team at 020 8626 4485.

What Bases Should a BDR Cover?
What Should We Expect the Workplace to Look Like A...
 

By accepting you will be accessing a service provided by a third-party external to https://www.attendit.net/

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Network Security Business Computing Tip of the Week Best Practices Productivity Cloud Managed IT Services Data Backup Disaster Recovery Privacy Data Recovery Hosted Solutions communications VoIP Backup Hackers Malware Data Business Continuity Business Small Business Outsourced IT IT Services IT Support Email Innovation Cybersecurity Cloud Computing Software Efficiency Productivity Mobile Devices Internet IT Support Phishing Computer Saving Money Business Management Internet of Things Upgrade Automation Smartphone BDR Hardware Information Technology Managed IT services Server Mobile Device Management Collaboration Covid-19 Microsoft Managed IT BYOD Mobility Network Ransomware User Tips Risk Management Managed Service Provider Gadgets Compliance Communication Workplace Tips Artificial Intelligence Avoiding Downtime Wi-Fi Windows 7 Budget Save Money History Quick Tips Hosted Solution Spam Computers Remote Computing Firewall Password MSP Virtual Private Network Managed Service Smartphones Passwords Cost Management Meetings Data Management Wireless Telephony Telephone Systems Router Printing Value Human Resources Automobile Users VPN Devices Wireless Internet End of Support Data Breach Saving Time Data Security Google Hard Drives Microsoft Office Conferencing Android Paperless Office Manufacturing Windows 10 Employer-Employee Relationship IT Service Solid State Drive Document Management Content Filtering Mobile Device Hybrid Cloud Instant Messaging Redundancy Training Personal Information Remote Work Tech Term Remote Workers Business Technology Networking Marketing Employee-Employer Relationship Recovery Audit Regulations Compliance WPA3 Money Copiers Office Wasting Money Black Market Commerce Professional Services Shadow IT Workers Big Data Leadership Customer Relationship Management Remote Monitoring Hacker Upgrades Cost Streaming Media Payment Cards Video Conferencing Antivirus Proactive Managed Services Machine Learning File Storage AI Voiceover Internet Protocol Flexibility Business Intelligence Lifestyle Computing Amazon Travel Voice over Internet Protocol iPhone Transportation Payroll Windows 10 Cybercrime Remote Content Filter Dark Web Project Management Outsource IT Social Media Holiday Bandwidth Operating System Proactive IT Private Cloud Software as a Service Education Spyware Cleaning Time Management Gamification Facebook App Business Telephone Work/Life Balance IoT Analysis Virtual Assistant Azure Mobile Computing Applications e-waste Telephone Fiber Optics Going Green Mobile Office Advertising Phone System Monitoring Backup and Disaster Recovery Hacking Smartwatch SaaS Computer Repair Update Managed IT Service Entertainment Samsung Chromebook Cybersecurty Vulnerability Regulation Apple Application Workstations Office 365 Printer SMB Alexa for Business Active Directory Disaster Windows Server 2008 Legal OneNote Development Data Protection Evernote Remote Working Management Break/Fix Printers Window 10 Nanotechnology Save Time intranet Smart Technology Students Utility Computing Administration Browser HIPAA Smart Tech Downtime Vendor User Error Two-factor Authentication PCI DSS Windows Server Word Encryption Electronic Medical Records Employees Wireless Technology Help Desk Mobile Virtualization Financial Technology Online Storage Social Engineering Unified Communications Colocation Company Culture Laptop Connectivity E-Commerce Government The Internet of Things Data Loss Sales Virus Identity Security Cameras Processor Windows 10s Outlook Windows Ink Device Security Safety PowerPoint OneDrive Accessory Settings Identity Theft Blockchain Telework Micrsosoft Apps Miscellaneous Medical IT Display Relocation Augmented Reality Cortana ROI Hosted Desktop Current Events Cast FAQ Politics Charger Testing Law Enforcement Scams Computer Fan Google Docs Ciminal Retail Vendor Management Data Privacy Benchmarks Hard Disk Drive Shortcut Google Maps Managing Stress Emergency Sabotage Peripheral Business Strategy Worker Commute Identities Scam Audits Digital Signage Text Messaging USB Updates Books Biometrics Google Assistant Co-Managed Services eCommerce Video Games Financial Windows Server 2008 R2 Consultant Smart Devices Adobe Wireless Charging Experience Employee Camera Reputation Managed Services Provider Microsoft Excel Scalability Websites Policy Hard Drive Excel PC Access Control Legislation Solutions Office Tips Emails IT Solutions Tablets Virtual Reality Microsoft Word Twitter Health Television CrashOverride Internet Service Provider Bring Your Own Device Troubleshooting HBO Google Drive WannaCry Innovations Projects Computer Care Facebook Privacy File Sharing Admin Internet Exlporer Chrome Gifts Data Theft Procedure HaaS Tech Support Worker Memory Comparison Language App store Webinar WIndows Server 2008 Alert NFL Maintenance Computer Forensics YouTube Hyperlink Windows Touchscreen CRM Licensing Music Social Unsupported Software Storage Server Maintenance WiFi Inventory Humor Data Storage Organization Myths iOS Sync Battery Fraud Specifications Computer Accessories Mobile Security Information IT solutions Patch Management eWaste Gmail Wasting Time Search Holidays Robot Workstation PDF Keyboard Best Practice IT Management Analytics Reviews 5G Root Cause Analysis Sports IT budget Investment Keyboard Shortcuts Unified Threat Management Communitications How To Screen Mirroring Credit Cards Threats Point of Sale Edge Net Neutrality