How Apple secures its products and services

By , Mar 7, 2016


Apple’s security and privacy features that come standard on every iOS device, such as end-to-end encryption and Activation Lock, are getting all the talk around the internet as of late as the Apple vs. FBI case continues to escalate.

What can be learned from this case is not only does Apple want to protect your privacy, but the a large number of American people also want to have their privacy. The FBI, on the other hand, wants a quick way to get into any iPhone they deem “suspicious” so long as they can get a court order to search it.

So just how secure is your Apple data, and what protection standards does Apple have in place for you? That’s just what we’re going to talk about in this piece.

How secure is your Apple ecosystem?

Your security goes hand in hand with your privacy, and if you have poor security, then it will be easy for someone to snoop into your data and your privacy is virtually nonexistent.

Because smartphones and computers are becoming such a huge part of our lives, and have so much information about us and our loved ones on them, Apple takes security on these devices very seriously.

Among some of the things you keep on your Apple devices are:

  • The location of your family and children
  • Personal contact information
  • Personal photographs and videos
  • Personal health information
  • Banking, credit card, and financial information
  • Important passwords and login information
  • Your shopping lists
  • Personal messages to and from your friends and family
  • Personal voicemails left by friends and family
  • And so forth…

Additionally, privacy goes much further than what’s on your Apple devices, but also what can be done to spy on you with your own devices. Here are some more things to consider if a hacker could get into your iPhone, Mac, or other device:

  • Could they spy on me with the two built-in cameras?
  • Could they record me at any time with the three built-in microphones?
  • Could they track my every location with the built-in GPS system?
  • Could they monitor my internet usage to see what I was doing?
  • Could they listen in on any of my phone calls?
  • And so on…

With such valuable personal information at stake, it’s no wonder why Apple is taking such a strong stance for user privacy in this Apple vs. FBI case. Obviously, the FBI doesn’t see that with great power comes great responsibility.

Apple has a detailed web document that analyzes real-time data about government information requests to Apple and shows everyone how government requests impact the privacy of its users.

The steps Apple takes to keep your iCloud data secure

Fortunately for Apple users, the company is known for having industry standard (or better) end-to-end encryption across its devices and iCloud servers alike. Apple uses strong AES encryption for many of its devices and services; even your iCloud account data, which is stored on Apple’s servers in a remote location far away from you, is encrypted for your security and well-being.

Your protection and iCloud

Apple notes in a support document that it keeps a strong lock on various types of information stored in your iCloud account. iCloud is secured with 128-bit AES encryption, which is an industry standard used by various financial institutions around the world. Apple also says encryption keys are totally private and are never shared with any third-parties.

All of the things iCloud keeps nice and secure for you include:

  • Calendars
  • Contacts
  • Bookmarks
  • Notes
  • Reminders
  • Photos
  • Documents in the Cloud
  • iCloud Drive
  • Backup
  • Find My iPhone
  • Find My Friends
  • iCloud Keychain
  • Back to My Mac
  • Mail

All of the things up to Find My Friends in the list above use a minimum of 128-bit AES encryption, but because iCloud Keychain stores even more sensitive user information, such as login information and credit card information, Apple uses even stronger 256-bit AES encryption and also uses “elliptic curve asymmetric cryptography and key wrapping” as a means of further beefing up security.

Anything done on is secured with Secure Sockets Layer (SSL), which is a standard of encryption between communication of a website with a workstation, as is information sent to and from the Mail app.

Any time your Mac’s stock apps access iCloud, a secure token is shared with iCloud to ensure it’s really you, and the token is sent over a secured SSL connection. This maintains app data security for all of your apps on your Mac and iPhone that you use regularly, and ensures the information is not sent to a third-party.

How secure is the data on your iPhone?

Apple notes that every iPhone has a 256-bit AES crypto engine built into DMA path between the flash storage and the built-in system memory, and what this means is fine encryption is efficient and keeps unwanted apps from gaining access to data that doesn’t belong to them.

AES keys are secured in a separate Secure Enclave, just like your Touch ID fingerprints are, and cannot be accessed by software on the iPhone itself; instead, all software can do is wait from a response from the Secure Enclave to see if it’s a match or not. Your iPhone then regularly deletes and cycles through keys to keep things fresh and secure on a regular basis.

The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed by dedicated AES engines implemented in silicon using the UID or GID as a key. Additionally, the Secure Enclave’s UID and GID can only be used by the AES engine dedicated to the Secure Enclave. The UIDs are unique to each device and are not recorded by Apple or any of its suppliers. The GIDs are common to all processors in a class of devices (for example, all devices using the Apple A8 processor), and are used for non security-critical tasks such as when delivering system software during installation and restore. Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The UIDs and GIDs are also not available via JTAG or other debugging interfaces.

Securely erasing saved keys is just as important as generating them. It’s especially challenging to do so on flash storage, where wear-leveling might mean multiple copies of data need to be erased. To address this issue, iOS devices include a feature dedicated to secure data erasure called Effaceable Storage. This feature accesses the underlying storage technology (for example, NAND) to directly address and erase a small number of blocks at a very low level.

When Apple said it was unfortunate that the FBI reset the password for the San Bernardo shooter’s Apple ID, they weren’t kidding. The FBI would have had a better chance cracking the basic details from the 128-bit AES encrypted data on Apple’s iCloud servers than they would cracking the 256-bit AES encrypted data on the iPhone itself.

As a result of this strong encryption, the FBI has been unable to break into this specific iPhone, and unless there’s some kind of major bug in the iOS software, which there have been plenty of in the past, there’s really no way around that. Apple furthers encryption protection because after a number of failed passcode attempts, an iPhone can be set to go on data self destruct mode and erase itself.

So just how secure is the data on your iPhone? Well if the FBI is complaining about it, you can rest assured it’s pretty darn secure.

What about the data on my Mac?

Your Mac comes with encryption software called FileVault 2, which you can configure from your System Preferences app, and this will encrypt the data on your Mac as well. FileVault 2 uses 128-bit AES encryption to help keep the data stored on your Mac’s storage drives secure, although it’s worth noting that this is a step below the iPhone’s 256-bit AES encryption.

In the event that you need your storage drive wiped, such as when selling a machine to someone else, FileVault 2 makes sure to remove all encryption keys to make the encrypted data on the storage drive inaccessible, and then proceeds to securely wipe the storage drive of your data. You could say Apple has gone a long way to keep your data safe on the Mac too, but…

Since the data on your Mac likely doesn’t involve the same level of intimate information, such as fingerprints, health information, family location information, and banking data like your iPhone does, the lower encryption level is probably fine for the time being since Apple hasn’t brought these features to the Mac yet. Still, it’s plenty strong and difficult to crack, and hasn’t been done yet.

Of course, any information you use from iCloud is going to be protected at the iCloud level, and anything in your iCloud Keychain is secured with 256-bit AES encryption while all other types of data are secured with 128-bit AES encryption.

Is the data on my Apple Watch secure too?

Apple takes the security of your Apple Watch very seriously too. Apple notes that the Apple Watch uses similar encryption methods to that of iOS, which is essentially necessary seeing as how the Apple Watch shares intimate data with the iPhone.

The Apple Watch has hardware-encrypted storage, and uses IDS encryption to share information between itself and the iPhone, and this encryption is only one of two layers of security that encrypt information when shared over a Bluetooth Low Energy (BTLE) or secured Wi-Fi connection.

There is also a lot of complex stuff going on in the pairing process between your iPhone and Apple Watch to ensure that the shared keys are not intercepted and to keep your data transmission between the devices as safe as possible from hackers.

Would I worry too much about the Apple Watch being insecure? No, not really.

Wrapping up

As demonstrated in many iOS software glitches in the past, there are ways around good security. Your information may be safe from hackers who do things the ‘right’ way by trying to break passcodes, but a good hacker will find alternative methods to get into your system for information, such as by tricking your iPhone into unlocking itself from the Lock screen.

The general rule of thumb is you should be generally safe from hackers. Apple has implemented some top-notch encryption securities in their products to keep your information from being harvested by the wrong hands in ways that could affect you and destroy your lives.

Unless Apple is somehow forced in this ongoing case to eliminate high-end encryption or to open a back door for the wrong hands to get into your device, there is little likelihood that your information will be exposed to the wrong eyes, and Apple will always stay with times as new encryption methods are standardized in the future.

Also read: Ten ways to increase privacy on iOS

Are you content with the security of your Apple ecosystem? Share in the comments!

  • Share:
  • Follow: